Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2026-40247 — free5gc UDR improper path validation allows unauthenticated access to Traffic Influence S…

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId…

udm | Remote | Information Disclosure
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-40246 — free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence…

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI…

udm | Remote | Authorization
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
7.5 HIGH
CVE-2026-40170 — ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack bu…

Remote | Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-39313 — MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service vi…

mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks int…

Remote | Denial of Service
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-35469 — SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocat…

Remote | Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
4.9 MEDIUM
CVE-2026-34164 — Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox…

Remote | Information Disclosure
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
4.8 MEDIUM
CVE-2026-33472 — Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (…

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass t…

Remote | Authentication
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
7.5 HIGH
CVE-2026-40901 — DataEase: Quartz Deserialization → Remote Code Execution

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerT…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-40900 — DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplie…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.3 HIGH
CVE-2026-40899 — DataEase has an Arbitrary File Read Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mys…

Remote | Path Traversal
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.6 HIGH
CVE-2026-33207 — DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql …

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.6 HIGH
CVE-2026-33122 — DataEase has SQL Injection via Datasource Management

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definitio…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
7.1 HIGH
CVE-2025-54502 — AMD APCB SMM Driver Privilege Escalation Vulnerability

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulti…

| Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.3 HIGH
CVE-2026-6442 — Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding spec…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-33121 — DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-33084 — DataEase has SQL Injection through its getFieldEnumObj Endpoint

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj en…

Remote | Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
5.9 MEDIUM
CVE-2025-54510 — AMD EPYC 9005 Series CPUs Guest Confidentiality Vulnerability

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, poten…

| Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
6.6 MEDIUM
CVE-2025-43937 — Dell PowerScale OneFS Information Disclosure Vulnerability

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit th…

| Information Disclosure
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
4.4 MEDIUM
CVE-2025-43935 — Dell PowerScale OneFS Improper Resource Shutdown Denial of Service Vulnerability

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnera…

| Denial of Service
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
5.6 MEDIUM
CVE-2023-20585 — VMware IOMMU Buffer Access RMP Vulnerability (Information Disclosure)

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in…

| Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
Showing 20 of 6509 Results