Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
7.1 HIGH
CVE-2026-44798 — Nautobot: GitRepository.current_head field should not be writable through REST API

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu…

nautobot | Remote | Misconfiguration
May 28, 2026 May 28, 2026
8.5 HIGH
CVE-2026-44797 — Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient…

nautobot | Remote | Server-Side Request Forgery
May 28, 2026 May 29, 2026
6.5 MEDIUM
CVE-2026-44796 — Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regula…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…

nautobot | Remote | Denial of Service
May 28, 2026 May 29, 2026
5.4 MEDIUM
CVE-2026-44794 — Nautobot: REST API permits creation of GenericForeignKey references to objects that the u…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…

nautobot | Remote | Authorization
May 28, 2026 May 29, 2026
10.0 CRITICAL
CVE-2026-43898 — SandboxJS: Sandbox escape via Function.caller leakage of internal call op

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…

sandboxjs | Remote | Information Disclosure
May 28, 2026 May 28, 2026
7.5 HIGH
CVE-2026-34126 — Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's T…

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…

May 28, 2026 Jun 03, 2026