Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
2.1 LOW
CVE-2026-8353 — Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in atomik the…

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user …

Remote | Cross-Site Scripting
May 22, 2026
6.7 MEDIUM
CVE-2021-21508 — Dell VxRail Plain-text Password Storage Vulnerability

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user c…

Information Disclosure
May 22, 2026
8.1 HIGH
CVE-2026-9256 — NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Co…

Remote | Memory Corruption
May 22, 2026
2.3 LOW
CVE-2026-8347 — Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express…

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one…

Remote | Authorization
May 22, 2026
2.3 LOW
CVE-2026-8340 — Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version…

Remote | Cross-Site Request Forgery
May 22, 2026
5.5 MEDIUM
CVE-2025-32751 — Dell PowerFlex Manager Insecure Storage of Sensitive Information Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi…

Information Disclosure
May 22, 2026
3.6 LOW
CVE-2025-46371 — Dell PowerFlex Manager SSH Cryptographic Algorithm Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo…

Cryptography
May 22, 2026
6.1 MEDIUM
CVE-2025-26483 — Dell PowerFlex Manager Open Redirect Vulnerability

Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application …

Remote | Misconfiguration
May 22, 2026
4.8 MEDIUM
CVE-2026-8997 — Heap Buffer Overflow in vifm

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length …

Memory Corruption
May 22, 2026
4.2 MEDIUM
CVE-2025-32745 — Dell PowerFlex Manager Certificate Validation Weakness

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulner…

Cryptography
May 22, 2026
8.1 HIGH
CVE-2026-9277 — shell-quote `quote()` does not validate object-token shapes, allowing command injection v…

shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which …

Remote | Injection
May 22, 2026
5.9 MEDIUM
CVE-2026-8673 — Password re-initialization mechanism sends passwords in plain text

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.

Remote | Cryptography
May 22, 2026
5.1 MEDIUM
CVE-2026-8672 — Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.

Authentication
May 22, 2026
7.5 HIGH
CVE-2026-8671 — Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.

Information Disclosure
May 22, 2026
4.0 MEDIUM
CVE-2025-32746 — Dell PowerFlex Manager Insecure Storage of Sensitive Information Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnera…

Information Disclosure
May 22, 2026
9.6 CRITICAL
CVE-2026-8670 — Insecure session handling on metrics web server

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

Remote | Authentication
May 22, 2026
5.3 MEDIUM
CVE-2025-32747 — Dell PowerFlex Manager Privilege Elevation Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…

Authorization
May 22, 2026
5.3 MEDIUM
CVE-2025-32749 — Dell PowerFlex Manager Directory Listing Information Exposure

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi…

Information Disclosure
May 22, 2026
0.0 NA
CVE-2026-44417 — Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RC…

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use…

Misconfiguration
May 22, 2026
0.0 NA
CVE-2026-44618 — Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is…

XML External Entity
May 22, 2026
Showing 20 of 6079 Results