Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-42196 — django-s3file: Relative path traversal

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified requ…

Path Traversal
May 12, 2026
0.0 NA
CVE-2026-44262 — Scramble: Remote code execution via evaluation of user-controlled input in validation rul…

Scramble generates API documentation for Laravel projects. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, req…

Injection
May 12, 2026
0.0 NA
CVE-2026-44296 — Deskflow: TLS multiplexer DoS on failed `SSL_accept`

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…

Denial of Service
May 12, 2026
0.0 NA
CVE-2026-44015 — Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access t…

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitra…

Server-Side Request Forgery
May 12, 2026
7.0 HIGH
CVE-2026-35555 — Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

Authorization
May 12, 2026
0.0 NA
CVE-2026-43948 — wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object …

Authorization
May 12, 2026
6.0 MEDIUM
CVE-2026-8052 — Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through …

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8…

Path Traversal
May 12, 2026
8.8 HIGH
CVE-2026-7474 — Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.…

Remote | Path Traversal
May 12, 2026
6.0 MEDIUM
CVE-2026-6959 — Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026…

Path Traversal
May 12, 2026
9.8 CRITICAL
CVE-2026-45185 — Exim GnuTLS Use-After-Free Remote Code Execution Vulnerability

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C…

Remote | Memory Corruption
May 12, 2026
4.9 MEDIUM
CVE-2026-44874 — Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Succe…

Remote | Path Traversal
May 12, 2026
5.4 MEDIUM
CVE-2026-44873 — Insufficient Session Invalidation on User Account Deactivation in AOS-8 Operating System

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated wh…

Remote | Authentication
May 12, 2026
7.2 HIGH
CVE-2026-44872 — Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based M…

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arb…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44870 — Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service A…

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44869 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44868 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44867 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44866 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44865 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026
7.2 HIGH
CVE-2026-44864 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026