Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
3.1 LOW
CVE-2026-14630 — ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_…

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/…

Remote | Cryptography
Jul 04, 2026
4.3 MEDIUM
CVE-2026-14629 — RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can…

Remote | Denial of Service
Jul 04, 2026
8.8 HIGH
CVE-2026-14535 — Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in Analys…

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless …

fickling | Remote | Misconfiguration
Jul 04, 2026
8.8 HIGH
CVE-2026-14534 — Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, s…

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because th…

fickling | Remote | Information Disclosure
Jul 04, 2026
5.5 MEDIUM
CVE-2026-14628 — NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Perfor…

hermes-agent | Remote | Path Traversal
Jul 04, 2026
5.6 MEDIUM
CVE-2026-14627 — NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allo…

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the compone…

hermes-agent | Remote | Authentication
Jul 04, 2026
3.5 LOW
CVE-2025-13475 — Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allow…

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within…

api_manager identity_server | Remote | Authorization
Jul 04, 2026
0.0 NA
CVE-2026-53362 — ipv6: account for fraggap on the paged allocation path

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MOR…

Memory Corruption
Jul 04, 2026
0.0 NA
CVE-2026-53361 — af_unix: Set gc_in_progress to true in unix_gc().

In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false …

Race Condition
Jul 04, 2026
0.0 NA
CVE-2026-53360 — KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scrat…

Memory Corruption
Jul 04, 2026
0.0 NA
CVE-2026-53359 — KVM: x86: Fix shadow paging use-after-free due to unexpected role

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-fr…

Memory Corruption
Jul 04, 2026
4.3 MEDIUM
CVE-2026-14626 — NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This man…

hermes-agent | Remote | Denial of Service
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14625 — NousResearch hermes-agent server.py shell.exec protection mechanism

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protectio…

hermes-agent | Remote | Misconfiguration
Jul 04, 2026
8.3 HIGH
CVE-2026-12196 — HestiaCP Admin Takeover

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless …

Remote | Authorization
Jul 04, 2026
8.5 HIGH
CVE-2026-12195 — myVesta FTP User Deletion Remote Code Execution

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This…

Remote | Injection
Jul 04, 2026
4.3 MEDIUM
CVE-2026-14624 — omec-project amf NGSetupRequest handler.go denial of service

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation…

amf | Remote | Denial of Service
Jul 04, 2026
4.3 MEDIUM
CVE-2026-14623 — omec-project amf NGAP Message RRCInactiveTransitionReport denial of service

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to…

amf | Remote | Denial of Service
Jul 04, 2026
7.5 HIGH
CVE-2026-14622 — jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the comp…

Remote | Authentication
Jul 04, 2026
3.1 LOW
CVE-2026-14621 — FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.in…

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grp…

Remote | Authorization
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14619 — itsourcecode Hospital Management System medicine.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes s…

hospital_management_system | Remote | Injection
Jul 04, 2026
Showing 20 of 7408 Results