Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
10.0 CRITICAL
CVE-2026-8326 — Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component …

Remote | Path Traversal
May 29, 2026
4.6 MEDIUM
CVE-2026-49324 — Indian Scout Bobber 2025 WCM brute-force

Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-veh…

| Denial of Service
May 29, 2026
4.3 MEDIUM
CVE-2026-49323 — Indian Scout Bobber 2025 WCM-to-ECM weak authentication

Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with…

| Authentication
May 29, 2026
8.7 HIGH
CVE-2026-48527 — HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode…

Remote | Cross-Site Scripting
May 29, 2026
5.1 MEDIUM
CVE-2026-45551 — Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User …

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings…

Remote | Cross-Site Scripting
May 29, 2026
9.9 CRITICAL
CVE-2026-45312 — RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u…

Remote | Injection
May 29, 2026
9.3 CRITICAL
CVE-2026-45043 — RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including…

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se…

Remote | Authorization
May 29, 2026
9.8 CRITICAL
CVE-2026-10071 — Interinfo|DreamMaker - Arbitrary File Upload

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code exec…

Remote | Misconfiguration
May 29, 2026
5.4 MEDIUM
CVE-2026-9811 — Mautic Stored Cross-Site Scripting (XSS) Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f…

Remote | Cross-Site Scripting
May 29, 2026
7.6 HIGH
CVE-2026-9809 — Mautic Stored XSS in Projects Component

A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or…

Remote | Cross-Site Scripting
May 29, 2026
7.1 HIGH
CVE-2026-9808 — Mautic Authorization Bypass

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or …

Remote | Authorization
May 29, 2026
9.9 CRITICAL
CVE-2026-9559 — Mautic Remote Code Execution via Path Traversal

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escap…

Remote | Path Traversal
May 29, 2026
7.5 HIGH
CVE-2025-41281 — Nozomi Networks Labs Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that al…

| Injection
May 29, 2026
7.5 HIGH
CVE-2025-41280 — Nozomi Networks Labs Waterfall WF-500 RX Host Zip Slip Code Execution

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod…

| Path Traversal
May 29, 2026
8.6 HIGH
CVE-2025-41279 — Waterfall WF-500 RX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version…

Remote | Injection
May 29, 2026
7.5 HIGH
CVE-2025-41278 — Nozomi Networks Waterfall WF-500 Out-of-bounds Read Remote Code Execution

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho…

| Memory Corruption
May 29, 2026
9.3 CRITICAL
CVE-2025-41277 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

Remote | Injection
May 29, 2026
9.3 CRITICAL
CVE-2025-41276 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

Remote | Injection
May 29, 2026
9.3 CRITICAL
CVE-2025-41275 — Nozomi Networks Waterfall WF-500 OS Command Injection Vulnerability

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

Remote | Injection
May 29, 2026
9.3 CRITICAL
CVE-2025-41274 — Nozomi Networks Labs Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

Remote | Injection
May 29, 2026
Showing 20 of 6970 Results