Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-39897 — Cacti has a Reflected XSS Vulnerability via html_auth_footer

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.3…

| Cross-Site Scripting
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-39894 — Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric value…

| Misconfiguration
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-39893 — Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpo…

| Injection
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.8 HIGH
CVE-2026-2050 — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte…

| Memory Corruption
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-49979 — Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP …

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values a…

| Server-Side Request Forgery
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-55454 — Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:…

| Server-Side Request Forgery
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.2 HIGH
CVE-2026-9779 — ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remot…

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect…

| Cryptography
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.2 HIGH
CVE-2026-9778 — ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Au…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.2 HIGH
CVE-2026-9777 — ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentic…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.5 HIGH
CVE-2026-9776 — ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vul…

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
5.5 MEDIUM
CVE-2026-9775 — ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authent…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
5.5 MEDIUM
CVE-2026-9774 — ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Aut…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-55455 — Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugin…

| Server-Side Request Forgery
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.8 HIGH
CVE-2026-10043 — MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Com…

| Misconfiguration
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
8.8 HIGH
CVE-2026-9773 — Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authenti…

| Injection
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
8.8 HIGH
CVE-2026-9772 — Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentic…

| Injection
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-50189 — Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the contai…

| Misconfiguration
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
6.5 MEDIUM
CVE-2026-10642 — Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the interrupt-driven application callback while the TX …

zephyr zephyr | Denial of Service
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-53765 — chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.…

| Misconfiguration
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-53766 — chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by check…

| Path Traversal
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
Showing 20 of 8061 Results