Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.8 HIGH
CVE-2026-40350 — Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privile…

Movary is a self-hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use t…

movary | Remote | Authentication
Apr 18, 2026 Apr 27, 2026
9.3 CRITICAL
CVE-2026-40317 — NovumOS has Privilege Escalation in the Syscall Interface

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers with…

novumos | Authentication
Apr 18, 2026 Apr 27, 2026
7.5 HIGH
CVE-2026-35465 — SecureDrop Client has path injection in read_gzip_header_filename()

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Se…

securedrop-client | Remote | Path Traversal
Apr 18, 2026 Apr 23, 2026
Showing 20 of 6143 Results