Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
3.1 LOW
CVE-2026-2475 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Misconfiguration
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34543 — OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed si…

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive …

| Information Disclosure
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34544 — OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted …

| Memory Corruption
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
4.3 MEDIUM
CVE-2026-4820 — IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name>…

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://…

Remote | Information Disclosure
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34545 — OpenEXR: integer overflow lead to OOB in HTJ2K decoder

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacke…

| Memory Corruption
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
4.1 MEDIUM
CVE-2025-36373 — Incorrect administrative access control in IBM DataPower Gateway

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway cou…

Remote | Information Disclosure
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
5.9 MEDIUM
CVE-2025-13916 — Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

Remote | Cryptography
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-1491 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Information Disclosure
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34531 — Flask-HTTPAuth invokes token verification callback when missing or empty token was given …

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without pas…

| Authentication
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34530 — File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding inje…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is…

| Cross-Site Scripting
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-2862 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Misconfiguration
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34528 — File Browser's Signup Grants Execution Permissions When Default Permissions Includes Exec…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser app…

| Authorization
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
7.3 HIGH
CVE-2026-1345 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Injection
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34529 — File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Bro…

| Cross-Site Scripting
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
8.1 HIGH
CVE-2026-4101 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Authentication
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
5.4 MEDIUM
CVE-2026-4364 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Cross-Site Scripting
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-5312 — D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

| Authorization
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34525 — AIOHTTP: Duplicate Host header accepted

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.

| Misconfiguration
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34520 — AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header v…

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in res…

| Misconfiguration
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2026-34519 — AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject e…

| Injection
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
Showing 20 of 6216 Results