Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-13591 — DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authoriz…

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation …

| Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13590 — seladb PcapPlusPlus Modbus Protocol ModbusLayer.h getLength heap-based overflow

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol …

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.3 HIGH
CVE-2026-12912 — Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images …

enterprise_linux enterprise_linux hardened_images | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13589 — seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based…

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.0 MEDIUM
CVE-2026-13752 — Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creat…

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths,…

| Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13588 — seladb PcapPlusPlus TLS Hello SSLHandshake.cpp getHandshakeVersion heap-based overflow

A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the com…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.1 MEDIUM
CVE-2026-13751 — Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remot…

| Server-Side Request Forgery
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.5 MEDIUM
CVE-2026-13750 — Snowflake CLI Sensitive Credential Exposure Through Debug Logging

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by…

| Information Disclosure
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.8 MEDIUM
CVE-2026-9105 — Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause th…

tl-wr841n | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
8.8 HIGH
CVE-2026-13749 — Snowflake CLI Arbitrary Code Execution via Snowpark Annotation Processor Template Injecti…

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An a…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13587 — seladb PcapPlusPlus LightPcapNg light_pcapng.c parse_by_block_type heap-based overflow

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulat…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.3 MEDIUM
CVE-2026-13748 — Snowflake CLI Arbitrary Local File Read and Exfiltration Through Improper File Path Restr…

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit t…

| Path Traversal
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
3.6 LOW
CVE-2026-13746 — Snowflake CLI SQL Injection Through Improper Neutralization of Local CLI Parameters

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cor…

| Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13583 — Edimax EW-7478APC POST Request formUSBFolder buffer overflow

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argu…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.4 CRITICAL
CVE-2026-41052 — Rancher Privilege Escalation from Project Owner to Host

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

rancher | Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
8.3 HIGH
CVE-2026-13744 — Snowflake CLI SQL Injection Through Improper Neutralization of User-Controlled Input

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manife…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13582 — Edimax EW-7478APC POST Request formUSBAccount buffer overflow

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argu…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13437 — Devolutions PowerShell Universal: Information Disclosure in AI Agent Job API

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, poten…

| Information Disclosure
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.9 MEDIUM
CVE-2026-13742 — Lack of signature verification before execution of downloaded content

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, l…

| Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13581 — Edimax EW-7478APC POST Request formStaDrvSetup os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipula…

| Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Showing 20 of 7271 Results