Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-32726 — SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The e…

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
8.3 HIGH
CVE-2026-32725 — SciTokens C++: Relative Path Traversal Vulnerability

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in …

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.3 MEDIUM
CVE-2026-32620 — Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could ac…

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
6.3 MEDIUM
CVE-2026-32619 — Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in p…

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to…

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
4.3 MEDIUM
CVE-2026-32618 — Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channe…

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.3 MEDIUM
CVE-2026-32615 — Discourse: Category group moderators can perform actions on topics in restricted categori…

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderator…

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
2.1 LOW
CVE-2026-32607 — Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioriti…

Remote | Cross-Site Scripting
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.4 MEDIUM
CVE-2026-32273 — Discourse: XSS on category description update via API

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category desc…

Remote | Cross-Site Scripting
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.3 MEDIUM
CVE-2026-32243 — Discourse: Stored XSS in discourse-ai shared conversations onebox

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the abi…

Remote | Cross-Site Scripting
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.3 MEDIUM
CVE-2026-32143 — Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export …

Remote | Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
5.1 MEDIUM
CVE-2026-32113 — Discourse: Open redirect via `sso_destination_url` cookie in `enter`

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in Stat…

Remote | Server-Side Request Forgery
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30520 — SourceCodester Loan Management System Blind SQL Injection

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails …

| Injection
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30286 — Funambol Zefiro Cloud File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code …

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30283 — PEAKSEL D.O.O. NIS Animal Sounds and Ringtones File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitr…

| Information Disclosure
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
9.0 CRITICAL
CVE-2026-30282 — UXGROUP LLC Cast to TV Screen Mirroring Arbitrary File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary cod…

Remote | Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30279 — Squareapps LLC My Location Travel Timeline File Overwrite Vulnerability (Arbitrary Code E…

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary …

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30278 — FLY is FUN Aviation Navigation File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code executi…

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
0.0 NA
CVE-2026-30277 — TA/UTAX Mobile Print PDF Reader App File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrar…

| Path Traversal
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
8.6 HIGH
CVE-2026-2123 — Privilege escalation vulnerability in Operations Agent

A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable loc…

| Authorization
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
4.8 MEDIUM
CVE-2025-62184 — Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting…

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access righ…

Remote | Cross-Site Scripting
Mar 31, 2026 Mar 31, 2026
Mar 31, 2026
Mar 31, 2026
Showing 20 of 6175 Results