Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.8 CRITICAL

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability al…

Jun 18, 2026 Jun 22, 2026
9.8 CRITICAL
CVE-2026-38716 — InHand Networks Command Injection

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This v…

Jun 18, 2026 Jun 22, 2026
9.8 CRITICAL
CVE-2026-38715 — InHand Networks Command Injection

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability a…

Jun 18, 2026 Jun 22, 2026
9.8 CRITICAL
CVE-2026-38714 — InHand Networks Command Injection

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulner…

Jun 18, 2026 Jun 22, 2026
5.1 MEDIUM
CVE-2026-11982 — Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

grav-plugin-api | Remote | Cross-Site Scripting
Jun 18, 2026 Jun 22, 2026
7.5 HIGH
CVE-2025-53114 — CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixe…

cometd | Remote | Denial of Service
Jun 18, 2026 Jun 23, 2026
8.7 HIGH
CVE-2025-32437 — AutoGPT has a DoS vulnerability in MediaDurationBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
7.1 HIGH
CVE-2025-32436 — AutoGPT has a DoS vulnerability in AddAudioToVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video an…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 22, 2026
8.7 HIGH
CVE-2025-32424 — AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots …

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.7 HIGH
CVE-2025-32422 — AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a l…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.7 HIGH
CVE-2025-32392 — AutoGPT has a DoS vulnerability in LoopVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBlock allows users to input a video file…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.8 HIGH

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An…

theia | Remote | Injection
Jun 18, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-44691 — Eclipse Theia Workspace Trust Bypass via Malicious Task Definitions

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker cou…

theia | Remote | Authentication
Jun 18, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-44688 — Eclipse Theia Indirect Prompt Injection

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attack…

theia | Remote | Injection
Jun 18, 2026 Jun 22, 2026
6.7 MEDIUM
CVE-2026-22551 — Eclipse Theia Improper Neutralization of Special Elements used in an Image URI (Image Pat…

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt in…

theia | Server-Side Request Forgery
Jun 18, 2026 Jun 22, 2026
5.0 MEDIUM
CVE-2026-11791 — 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred dele…

Jun 18, 2026 Jun 30, 2026
8.2 HIGH
CVE-2025-58175 — GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolu…

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow an attacker to …

geoserver | Remote | Server-Side Request Forgery
Jun 18, 2026 Jun 22, 2026
7.2 HIGH
CVE-2025-52465 — GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with acc…

geoserver | Remote | Information Disclosure
Jun 18, 2026 Jun 24, 2026
7.2 HIGH
CVE-2025-27511 — GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack th…

geoserver | Remote | Misconfiguration
Jun 18, 2026 Jun 24, 2026
9.8 CRITICAL
CVE-2026-9158 — 4diac FORTE Use-After-Free Vulnerability

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access fre…

Remote | Memory Corruption
Jun 18, 2026 Jun 22, 2026
Showing 20 of 7989 Results