Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.6 HIGH
CVE-2026-35223 — Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to com_config webservice endpoints.

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-35222 — Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-35221 — Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
4.6 MEDIUM
CVE-2026-35220 — Joomla! Core - [20260505] - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

Remote | Cross-Site Request Forgery
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-30895 — Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for com_content.

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-30894 — Joomla! Core - [20260503] - XSS in com_contenthistory

Lack of output escaping leads to a XSS vector in the content history component.

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
9.2 CRITICAL
CVE-2026-2264 — Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetInt…

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For succe…

Remote | Server-Side Request Forgery
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-25901 — Joomla! Core - [20260502] - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component.

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-25900 — Joomla! Core - [20260501] - XSS in feed modules

Lack of output escaping leads to a XSS vector in the feed modules.

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-24212 — NVIDIA Isaac Launchable for Linux Cleartext Information Disclosure and Execution

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalatio…

| Information Disclosure
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.8 HIGH
CVE-2026-24162 — NVIDIA Transformers4Rec Linux Improper Deserialization Vulnerability

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec…

| Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.3 MEDIUM
CVE-2025-36221 — Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the inst…

Remote | Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
4.3 MEDIUM
CVE-2025-36220 — Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, …

Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.4 MEDIUM
CVE-2025-36148 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to …

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo…

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.4 MEDIUM
CVE-2025-36145 — Multiple Vulnerabilities in watsonx.data

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

Remote | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.4 MEDIUM
CVE-2025-36126 — IBM Cognos Analytics is affected by multiple security vulnerabilities

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.4 MEDIUM
CVE-2025-14290 — IBM webMethods Integration Sever is vulnerable to server-side request forgery

IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…

Remote | Server-Side Request Forgery
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.5 MEDIUM
CVE-2025-13755 — IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcas…

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local …

| Information Disclosure
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-48692 — FastNetMon Community Edition Unauthenticated gRPC API Remote Code Execution and Privilege…

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.c…

| Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-48688 — FastNetMon Community Edition BGP MP_REACH_NLRI IPv6 Attribute Decoder Out-of-Bounds Read …

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains …

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
Showing 20 of 5971 Results