Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-2421 — ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Trav…

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJ…

Remote | Path Traversal
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.1 HIGH
CVE-2026-27625 — Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Ext…

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entrie…

stirling_pdf stirling_pdf | Remote | Path Traversal
Mar 20, 2026 Mar 24, 2026
Mar 20, 2026
Mar 24, 2026
0.0 NA
CVE-2026-23278 — netfilter: nf_tables: always walk all pending catchall elements

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchal…

linux_kernel | Memory Corruption
Mar 20, 2026 Mar 25, 2026
Mar 20, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23277 — net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb,…

linux_kernel | Misconfiguration
Mar 20, 2026 Mar 25, 2026
Mar 20, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23276 — net: add xmit recursion limit to tunnel xmit functions

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recur…

linux_kernel | Denial of Service
Mar 20, 2026 Mar 25, 2026
Mar 20, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23275 — io_uring: ensure ctx->rings is stable for task work flags manipulation

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is …

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23274 — netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and al…

linux_kernel | Misconfiguration
Mar 20, 2026 Mar 25, 2026
Mar 20, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23273 — macvlan: observe an RCU grace period in macvlan_common_newlink() error path

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens af…

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23272 — netfilter: nf_tables: unconditionally bump set->nelems before insertion

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets publishe…

linux_kernel | Race Condition
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-23271 — perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabl…

linux_kernel | Race Condition
Mar 20, 2026 Mar 25, 2026
Mar 20, 2026
Mar 25, 2026
8.7 HIGH
CVE-2026-33191 — free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacke…

free5gc udm | Remote | Injection
Mar 20, 2026 Mar 23, 2026
Mar 20, 2026
Mar 23, 2026
6.9 MEDIUM
CVE-2026-33065 — free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscript…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into …

free5gc udm | Remote | Misconfiguration
Mar 20, 2026 Mar 23, 2026
Mar 20, 2026
Mar 23, 2026
8.7 HIGH
CVE-2026-33064 — free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sd…

free5gc udm | Remote | Memory Corruption
Mar 20, 2026 Mar 23, 2026
Mar 20, 2026
Mar 23, 2026
5.8 MEDIUM
CVE-2026-33061 — exactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objec…

| Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.3 MEDIUM
CVE-2026-33060 — CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requ…

Remote | Server-Side Request Forgery
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
9.8 CRITICAL
CVE-2026-33057 — Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests u…

mesop | Remote | Authentication
Mar 20, 2026 Mar 24, 2026
Mar 20, 2026
Mar 24, 2026
6.5 MEDIUM
CVE-2026-33056 — tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path t…

tar tar-rs | Remote | Path Traversal
Mar 20, 2026 Mar 24, 2026
Mar 20, 2026
Mar 24, 2026
6.5 MEDIUM
CVE-2026-33022 — Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/Pipeli…

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.…

tekton_pipelines | Remote | Denial of Service
Mar 20, 2026 Mar 24, 2026
Mar 20, 2026
Mar 24, 2026
8.2 HIGH
CVE-2026-4478 — Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The man…

Remote | Cryptography
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
3.1 LOW
CVE-2026-4477 — Yi Technology YI Home Camera WPA/WPS hard-coded key

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-code…

| Cryptography
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
Showing 20 of 6026 Results