Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2026-32847 — DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying…

deepcode | Remote | Path Traversal
May 28, 2026 Jun 03, 2026
May 28, 2026
Jun 03, 2026
8.8 HIGH
CVE-2026-4944 — Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and …

vllm | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47337 — NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47336 — Use of uninitialized value in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation rules

Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and…

ubuntu_linux | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47335 — NULL pointer dereference in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a …

ubuntu_linux | Denial of Service
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47334 — Deadlock or kernel panic in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user an…

ubuntu_linux | Race Condition
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
7.8 HIGH
CVE-2026-47333 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification han…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47332 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can…

ubuntu_linux | Information Disclosure
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
7.8 HIGH
CVE-2026-47331 — Use-after-free in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-fr…

ubuntu_linux | Race Condition
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47330 — Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri…

ubuntu_linux | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47329 — Incorrect validation of field size in Ubuntu Linux AppArmor notification responses

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.1 MEDIUM
CVE-2026-47328 — Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47327 — NULL pointer dereference in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47326 — Memory leak in Ubuntu Linux AppArmor large notification response allocation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory …

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.9 MEDIUM
CVE-2026-47136 — RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…

rustfs | Remote | Information Disclosure
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.0 MEDIUM
CVE-2026-46685 — RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata…

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…

rustfs | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.0 MEDIUM
CVE-2026-46526 — Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac…

local_deep_research | Remote | Server-Side Request Forgery
May 28, 2026 Jun 01, 2026
May 28, 2026
Jun 01, 2026
8.2 HIGH
CVE-2026-46509 — deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Po…

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b…

Remote | Misconfiguration
May 28, 2026 Jun 01, 2026
May 28, 2026
Jun 01, 2026
7.5 HIGH
CVE-2026-45332 — Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password …

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr…

automad | Remote | Authentication
May 28, 2026 Jun 01, 2026
May 28, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-45044 — RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated …

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any…

rustfs | Remote | Denial of Service
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
Showing 20 of 7171 Results