Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-30825 — hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Tok…

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providi…

hoppscotch | Remote | Authorization
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
9.8 CRITICAL
CVE-2026-30824 — Flowise: Missing Authentication on NVIDIA NIM Endpoints

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authenticat…

flowise | Remote | Authentication
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
8.8 HIGH
CVE-2026-30823 — Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configura…

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature by…

flowise | Remote | Authorization
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
5.3 MEDIUM
CVE-2026-27797 — Homarr: Unauthenticated SSRF in rssFeed.ts

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitra…

homarr | Remote | Server-Side Request Forgery
Mar 07, 2026 Mar 10, 2026
Mar 07, 2026
Mar 10, 2026
7.5 HIGH
CVE-2026-27796 — Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of…

homarr | Remote | Information Disclosure
Mar 07, 2026 Mar 10, 2026
Mar 07, 2026
Mar 10, 2026
8.8 HIGH
CVE-2025-8899 — Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) …

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_…

Remote | Authorization
Mar 07, 2026 Mar 09, 2026
Mar 07, 2026
Mar 09, 2026
7.7 HIGH
CVE-2026-30822 — Flowise: Mass Assignment in `/api/v1/leads` Endpoint

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when …

flowise | Remote | Injection
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
9.8 CRITICAL
CVE-2026-30821 — Flowise: Arbitrary File Upload via MIME Spoofing

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, all…

flowise | Remote | Authentication
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
8.8 HIGH
CVE-2026-30820 — Flowise Authorization Bypass via Spoofed x-request-from Header

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowin…

flowise | Remote | Authentication
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
7.5 HIGH
CVE-2026-30247 — WeKnora: SSRF via Redirection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Serv…

weknora | Remote | Server-Side Request Forgery
Mar 07, 2026 Mar 11, 2026
Mar 07, 2026
Mar 11, 2026
Showing 20 of 5870 Results