Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-40324 — Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A c…

Remote | Denial of Service
Apr 18, 2026 Apr 29, 2026
8.9 HIGH
CVE-2026-40323 — SP1 V6 Recursion Circuit Row-Count Binding Gap

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 re…

sp1 | Remote | Misconfiguration
Apr 18, 2026 May 13, 2026
7.5 HIGH
CVE-2026-2262 — Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…

easy_appointments | Remote | Information Disclosure
Apr 18, 2026 Apr 22, 2026