Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-6110 — FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The ma…

metagpt | Remote | Injection
Apr 12, 2026 Apr 30, 2026
Apr 12, 2026
Apr 30, 2026
8.2 HIGH
CVE-2026-1116 — Cross-site Scripting (XSS) in parisneo/lollms

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o…

lollms | Remote | Cross-Site Scripting
Apr 12, 2026 Apr 17, 2026
Apr 12, 2026
Apr 17, 2026
8.8 HIGH
CVE-2026-6109 — FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request for…

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the componen…

metagpt | Remote | Cross-Site Request Forgery
Apr 12, 2026 Apr 29, 2026
Apr 12, 2026
Apr 29, 2026
6.5 MEDIUM
CVE-2026-6108 — 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mod…

maxkb | Remote | Injection
Apr 12, 2026 Apr 29, 2026
Apr 12, 2026
Apr 29, 2026
5.1 MEDIUM
CVE-2026-6107 — 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting

A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware.…

maxkb | Remote | Cross-Site Scripting
Apr 12, 2026 Apr 24, 2026
Apr 12, 2026
Apr 24, 2026
5.1 MEDIUM
CVE-2026-6106 — 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross s…

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co…

maxkb | Remote | Cross-Site Scripting
Apr 11, 2026 Apr 29, 2026
Apr 11, 2026
Apr 29, 2026
7.5 HIGH
CVE-2026-6105 — perfree go-fastdfs-web doInstall InstallController.java improper authorization

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component…

Remote | Authorization
Apr 11, 2026 Apr 29, 2026
Apr 11, 2026
Apr 29, 2026
9.3 CRITICAL
CVE-2026-31845 — Rukovoditel CRM Zadarma Telephony API Reflected XSS

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflect…

Remote | Cross-Site Scripting
Apr 11, 2026 Apr 13, 2026
Apr 11, 2026
Apr 13, 2026
8.3 HIGH
CVE-2026-32146 — Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modifica…

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and…

gleam | Path Traversal
Apr 11, 2026 Apr 14, 2026
Apr 11, 2026
Apr 14, 2026
6.5 MEDIUM
CVE-2026-23900 — Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

maps | Remote | Cross-Site Scripting
Apr 11, 2026 Apr 17, 2026
Apr 11, 2026
Apr 17, 2026
7.1 HIGH
CVE-2026-5809 — wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[bod…

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action han…

wpforo_forum | Remote | Path Traversal
Apr 11, 2026 Apr 24, 2026
Apr 11, 2026
Apr 24, 2026
9.6 CRITICAL
CVE-2026-34621 — Adobe Acrobat and Reader Prototype Pollution Vulnerability - [Actively Exploited]

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could re…

acrobat_dc acrobat_reader_dc macos acrobat acrobat_reader windows | CISA KEV Remote | Memory Corruption
Apr 11, 2026 Apr 13, 2026
Apr 11, 2026
Apr 13, 2026
Showing 20 of 5452 Results