Latest CVE Vulnerabilities

8.7 HIGH

CVE-2026-9509 — Uncaught exception vulnerability in Suprema's BioStar

An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST reques…

Remote | Denial of Service

May 29, 2026 May 29, 2026

May 29, 2026

10.0 CRITICAL

CVE-2026-9508 — Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path w…

Remote | Misconfiguration

May 29, 2026 May 29, 2026

May 29, 2026

10.0 CRITICAL

CVE-2026-8326 — Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component …

Remote | Path Traversal

May 29, 2026 May 29, 2026

May 29, 2026

4.6 MEDIUM

CVE-2026-49324 — Indian Scout Bobber 2025 WCM brute-force

Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-veh…

| Denial of Service

May 29, 2026 May 29, 2026

May 29, 2026

4.3 MEDIUM

CVE-2026-49323 — Indian Scout Bobber 2025 WCM-to-ECM weak authentication

Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with…

| Authentication

May 29, 2026 May 29, 2026

May 29, 2026

8.7 HIGH

CVE-2026-48527 — HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode…

haxcms-php haxcms-nodejs | Remote | Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

5.1 MEDIUM

CVE-2026-45551 — Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User …

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings…

group_office | Remote | Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

9.9 CRITICAL

CVE-2026-45312 — RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u…

ragflow | Remote | Injection

May 29, 2026 Jun 02, 2026

May 29, 2026

Jun 02, 2026

9.3 CRITICAL

CVE-2026-45043 — RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including…

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se…

rustfs | Remote | Authorization

May 29, 2026 Jun 02, 2026

May 29, 2026

Jun 02, 2026

9.8 CRITICAL

CVE-2026-10071 — Interinfo｜DreamMaker - Arbitrary File Upload

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code exec…

Remote | Misconfiguration

May 29, 2026 May 29, 2026

May 29, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences