Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-51926 — docuForm FSM Client User Enumeration Vulnerability

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that…

| Authentication
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51925 — docuForm GmbH Local File Inclusion

A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit…

| Path Traversal
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51924 — docuForm Client Remote Code Execution

An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component

| Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51923 — docuForm GmbH Insecure Direct Object Reference Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or re…

| Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.1 HIGH
CVE-2026-33801 — Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attack…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.1 HIGH
CVE-2026-33800 — Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause a…

An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-S…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.3 MEDIUM
CVE-2026-33799 — Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory lea…

An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries …

Remote | Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.2 HIGH
CVE-2026-33794 — Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE cra…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit (evo-aftmand) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated…

Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-31267 — Mercusys MW302R Buffer Overflow Vulnerability

Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allow…

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.7 MEDIUM
CVE-2026-21901 — Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash

A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific S…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2025-45422 — Proximus b-box Improper Access Control

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.

| Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-15270 — D-link DIR-823G Web boa.conf least privilege violation

A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing…

Remote
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.8 MEDIUM
CVE-2026-0278 — Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access A…

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.7 MEDIUM
CVE-2026-0277 — Prisma Access Agent: Improper Certificate Validation on iOS

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Age…

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
1.1 LOW
CVE-2026-0276 — Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
2.0 LOW
CVE-2026-0275 — Prisma Browser: Local Privilege Escalation on macOS

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the devic…

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-59149 — Mockoon: Path traversal in templated `filePath` lets a request escape the served director…

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.t…

Remote | Path Traversal
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.8 HIGH
CVE-2026-59148 — Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret th…

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock route…

Remote
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.5 MEDIUM
CVE-2026-58198 — ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ub…

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.1 MEDIUM
CVE-2026-55590 — CakePHP: Open redirect weakness via backslash bypass

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness …

Remote
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
Showing 20 of 7351 Results