Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2014-125112 — Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code exec…

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows …

| Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
4.8 MEDIUM
CVE-2026-4833 — Orc discount Markdown markdown.c compile recursion

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled r…

| Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.3 MEDIUM
CVE-2026-4831 — kalcaddle kodbox Password-protected Share auth.class.php can improper authentication

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protecte…

Remote | Authentication
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
9.8 CRITICAL
CVE-2026-4484 — Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Esca…

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.3 MEDIUM
CVE-2026-4830 — kalcaddle kodbox Public Share userShare.class.php add privilege escalation

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipu…

Remote | Misconfiguration
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-33942 — Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token s…

Remote | Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
9.2 CRITICAL
CVE-2026-33526 — Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to pe…

Remote | Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.9 MEDIUM
CVE-2026-33515 — Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacke…

Remote | Information Disclosure
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.5 HIGH
CVE-2026-33287 — LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` whi…

Remote | Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.5 HIGH
CVE-2026-33285 — LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse r…

Remote | Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.0 HIGH
CVE-2026-33183 — Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without v…

Remote | Path Traversal
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.6 MEDIUM
CVE-2026-33182 — Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overridi…

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request end…

Remote | Server-Side Request Forgery
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.7 HIGH
CVE-2026-32748 — Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when h…

Remote | Denial of Service
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
6.5 MEDIUM
CVE-2026-4826 — SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injecti…

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. Thi…

Remote | Injection
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.8 HIGH
CVE-2026-4758 — WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume C…

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up…

Remote | Path Traversal
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.7 HIGH
CVE-2026-34056 — OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows lo…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-34055 — OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perfo…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
7.1 HIGH
CVE-2026-34053 — OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-34051 — OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, …

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
4.3 MEDIUM
CVE-2026-33934 — OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staf…

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signatur…

Remote | Authorization
Mar 26, 2026 Mar 26, 2026
Mar 26, 2026
Mar 26, 2026
Showing 20 of 5992 Results