Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-33285 — LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse r…

| Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
0.0 NA
CVE-2026-33287 — LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` whi…

| Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
0.0 NA
CVE-2026-33942 — Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token s…

| Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
0.0 NA
CVE-2026-33183 — Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without v…

| Path Traversal
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
0.0 NA
CVE-2026-33182 — Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overridi…

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request end…

| Server-Side Request Forgery
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
0.0 NA
CVE-2026-4830 — kalcaddle kodbox Public Share userShare.class.php add privilege escalation

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipu…

| Misconfiguration
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.5 MEDIUM
CVE-2026-4826 — SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injecti…

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. Thi…

Remote | Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.8 HIGH
CVE-2026-4758 — WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume C…

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up…

Remote | Path Traversal
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.7 HIGH
CVE-2026-34056 — OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows lo…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-34055 — OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perfo…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.1 HIGH
CVE-2026-34053 — OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-34051 — OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, …

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
4.3 MEDIUM
CVE-2026-33934 — OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staf…

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signatur…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.1 MEDIUM
CVE-2026-33933 — Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XS…

Remote | Cross-Site Scripting
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.6 HIGH
CVE-2026-33932 — OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document pre…

Remote | Cross-Site Scripting
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.5 MEDIUM
CVE-2026-33931 — OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the pati…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.6 HIGH
CVE-2026-33918 — OpenEMR Missing Authorization on Claim File Download Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.8 HIGH
CVE-2026-33917 — OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form th…

Remote | Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-33915 — OpenEMR Missing ACL Checks on Insurance Company API Routes

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.2 HIGH
CVE-2026-33914 — OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability…

Remote | Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
Showing 20 of 6015 Results