Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-26233 — Denial of Service via HTTP/2 single packet attack on login endpoint

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of servic…

Remote | Denial of Service
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3218 — Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favico…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3217 — SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO …

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3216 — Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure…

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

| Server-Side Request Forgery
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3215 — Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTR…

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 befor…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3214 — CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3213 — Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by C…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3212 — Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3211 — Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRI…

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

| Cross-Site Request Forgery
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-3210 — Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-2349 — UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before …

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-2348 — Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 bef…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-26833 — Thumbler Command Injection Vulnerability

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to …

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
9.8 CRITICAL
CVE-2026-26832 — Node-Tesseract-OCR OS Command Injection Vulnerability

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. …

Remote | Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-26831 — Textract OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to chi…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
7.6 HIGH
CVE-2026-24750 — Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generatio…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
7.7 HIGH
CVE-2026-20125 — Cisco HTTP Server Remote Authentication Bypass Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly,…

Remote | Denial of Service
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
6.1 MEDIUM
CVE-2026-20115 — Cisco Meraki Cisco IOS XE Software Insecure Configuration Upload Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuratio…

Remote | Information Disclosure
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
5.4 MEDIUM
CVE-2026-20114 — "Cisco Lobby Ambassador Privilege Escalation Vulnerability"

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that wou…

Remote | Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
5.3 MEDIUM
CVE-2026-20113 — Cisco IOx Web-Based Application CRLF Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return l…

Remote | Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
Showing 20 of 6001 Results