Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-32143 — Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export …

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.1 MEDIUM
CVE-2026-32113 — Discourse: Open redirect via `sso_destination_url` cookie in `enter`

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in Stat…

Remote | Server-Side Request Forgery
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
4.8 MEDIUM
CVE-2026-30520 — SourceCodester Loan Management System Blind SQL Injection

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails …

Remote | Injection
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30286 — Funambol Zefiro Cloud File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code …

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30283 — PEAKSEL D.O.O. NIS Animal Sounds and Ringtones File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitr…

| Information Disclosure
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
9.0 CRITICAL
CVE-2026-30282 — UXGROUP LLC Cast to TV Screen Mirroring Arbitrary File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary cod…

Remote | Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30279 — Squareapps LLC My Location Travel Timeline File Overwrite Vulnerability (Arbitrary Code E…

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary …

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30278 — FLY is FUN Aviation Navigation File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code executi…

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30277 — TA/UTAX Mobile Print PDF Reader App File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrar…

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
8.6 HIGH
CVE-2026-2123 — Privilege escalation vulnerability in Operations Agent

A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable loc…

| Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
4.8 MEDIUM
CVE-2025-62184 — Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting…

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access righ…

Remote | Cross-Site Scripting
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
6.5 MEDIUM
CVE-2026-5205 — chatwoot Webhook API trigger.rb Trigger server-side request forgery

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such man…

chatwoot | Remote | Server-Side Request Forgery
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
9.3 CRITICAL
CVE-2026-34361 — HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for …

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" e…

Remote | Server-Side Request Forgery
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.8 MEDIUM
CVE-2026-34360 — HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probi…

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a…

Remote | Server-Side Request Forgery
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
7.4 HIGH
CVE-2026-34359 — HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Red…

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match re…

Remote | Authentication
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
7.8 HIGH
CVE-2026-24165 — NVIDIA BioNeMo Deserialization Vulnerability

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, infor…

| Injection
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
8.8 HIGH
CVE-2026-24164 — NVIDIA BioNeMo Deserialization Vulnerability

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, infor…

Remote | Injection
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
7.6 HIGH
CVE-2026-24154 — NVIDIA Jetson Linux initrd Argument Injection Vulnerability

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lea…

| Misconfiguration
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.2 MEDIUM
CVE-2026-24153 — NVIDIA Jetson Linux Initrd Information Disclosure

NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.

| Information Disclosure
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
8.3 HIGH
CVE-2026-24148 — NVIDIA Jetson Information Disclosure and Tampering Vulnerability

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successf…

Remote | Misconfiguration
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
Showing 20 of 6225 Results