Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-5632 — assafelovic gpt-researcher HTTP REST API Endpoint missing authentication

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authenticat…

| Authentication
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-5631 — assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such …

| Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5629 — Belkin F9K1015 formSetFirewall stack-based overflow

A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in s…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5628 — Belkin F9K1015 Setting formSetSystemSettings stack-based overflow

A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The ma…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.3 MEDIUM
CVE-2026-5625 — assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interfa…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.3 MEDIUM
CVE-2026-5624 — ProjectSend upload.php cross-site request forgery

A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack m…

Remote | Cross-Site Request Forgery
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5623 — hcengineering Huly Platform Import Endpoint index.ts server-side request forgery

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to …

Remote | Server-Side Request Forgery
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-5630 — assafelovic gpt-researcher Report API app.py cross site scripting

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cr…

| Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.3 MEDIUM
CVE-2026-5622 — hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component J…

Remote | Cryptography
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.3 MEDIUM
CVE-2026-5621 — ChrisChinchilla Vale-MCP HTTP index.ts os command injection

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio…

| Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5620 — itsourcecode Construction Management System Parameter borrowed_equip_report.php sql injec…

A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manip…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.3 MEDIUM
CVE-2026-5619 — Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu…

| Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.3 MEDIUM
CVE-2026-5618 — kalcaddle kodbox shareMake/shareCheck server-side request forgery

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results …

Remote | Server-Side Request Forgery
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5616 — JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/mo…

Remote | Authentication
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.3 MEDIUM
CVE-2026-5615 — givanz Vvvebjs File Upload Endpoint upload.php cross site scripting

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argume…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5614 — Belkin F9K1015 formSetPassword stack-based overflow

A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5613 — Belkin F9K1015 formReboot stack-based overflow

A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buff…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5612 — Belkin F9K1015 formWlEncrypt stack-based overflow

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5611 — Belkin F9K1015 formCrossBandSwitch stack-based overflow

A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results i…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
9.0 HIGH
CVE-2026-5610 — Belkin F9K1015 formWISP5G stack-based overflow

A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-ba…

Remote | Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
Showing 20 of 5868 Results