Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-36438 — Intelbras VIP-1230-D-G4 Information Disclosure Vulnerability

An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd

| Information Disclosure
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
0.0 NA
CVE-2025-57282 — Ngrok Command Injection Vulnerability

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.

| Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
0.0 NA
CVE-2025-56352 — TinyMQTT Broker Protocol Violation Leaving File Descriptors Open

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C…

| Denial of Service
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8769 — vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource cons…

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/respons…

Remote | Denial of Service
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8768 — vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils.…

Remote | Server-Side Request Forgery
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
5.0 MEDIUM
CVE-2026-8767 — vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manip…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
4.3 MEDIUM
CVE-2026-8766 — Kilo-Org kilocode Environment Variable config.ts load information disclosure

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…

Remote | Information Disclosure
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
4.3 MEDIUM
CVE-2026-8765 — Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
8.3 HIGH
CVE-2026-8764 — H3C Magic B3 aspForm UpdateWanParams buffer overflow

A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffe…

Remote | Memory Corruption
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
9.8 CRITICAL
CVE-2026-8721 — Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded N…

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…

Remote | Cryptography
May 17, 2026 May 18, 2026
May 17, 2026
May 18, 2026
9.8 CRITICAL
CVE-2026-8507 — Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…

Remote | Memory Corruption
May 17, 2026 May 18, 2026
May 17, 2026
May 18, 2026
8.2 HIGH
CVE-2026-46720 — Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…

Remote | Injection
May 17, 2026 May 18, 2026
May 17, 2026
May 18, 2026
7.5 HIGH
CVE-2026-8759 — xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFuncti…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8758 — Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lea…

Remote | Misconfiguration
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8757 — adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8756 — fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the comp…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8755 — fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal

A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
6.5 MEDIUM
CVE-2026-8754 — AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulatio…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
6.5 MEDIUM
CVE-2026-8753 — kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
8.8 HIGH
CVE-2018-25339 — Zechat 1.5 SQL Injection via v parameter (time-based blind)

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
Showing 20 of 6174 Results