Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.6 HIGH
CVE-2026-44504 — Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, giv…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.0 HIGH
CVE-2026-44503 — Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host…

The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redi…

Remote | Misconfiguration
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-44501 — DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the…

Remote | Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.9 MEDIUM
CVE-2026-42597 — Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// sch…

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers…

Remote | Path Traversal
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.4 CRITICAL
CVE-2026-42596 — Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is r…

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.6 HIGH
CVE-2026-42595 — Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny…

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based S…

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.5 HIGH
CVE-2026-42594 — Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async…

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…

Remote | Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.3 MEDIUM
CVE-2026-42593 — Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split…

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/…

Remote | Path Traversal
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.3 MEDIUM
CVE-2026-42592 — Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only th…

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.2 HIGH
CVE-2026-42591 — Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without …

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.2 HIGH
CVE-2026-42590 — Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary…

Remote | Misconfiguration
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.8 CRITICAL
CVE-2026-42589 — Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to E…

Remote | Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.7 HIGH
CVE-2026-42283 — DevSpace UI Server WebSocket CheckOrigin does not validate source

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore s…

| Misconfiguration
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.2 CRITICAL
CVE-2026-42281 — MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to …

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.3 MEDIUM
CVE-2026-42159 — Flowsint: Stored XSS in description of node

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, whic…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.2 HIGH
CVE-2026-40893 — Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Ar…

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t…

Remote | Path Traversal
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.3 CRITICAL
CVE-2026-44484 — Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

Remote | Information Disclosure
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.6 CRITICAL
CVE-2026-44482 — soundcloud-rpc: Remote Code Execution via XSS in Track Title

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app…

Remote | Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.5 HIGH
CVE-2026-44375 — Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-…

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A…

Remote | Memory Corruption
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-44374 — Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access…

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…

backstage_plugin-techdocs-node | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
Showing 20 of 6267 Results