Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-8318 — VectifyAI PageIndex PDF Table of Contents page_index.py toc_transformer infinite loop

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_in…

Remote | Denial of Service
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
8.7 HIGH
CVE-2026-7790 — Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …

cowlib | Remote | Denial of Service
May 11, 2026 May 22, 2026
May 11, 2026
May 22, 2026
7.1 HIGH
CVE-2026-45224 — Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the inten…

| Path Traversal
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
8.8 HIGH
CVE-2026-45223 — Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin …

Remote | Authentication
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.9 MEDIUM
CVE-2026-45222 — Summarize Insecure Daemon Configuration File Permissions

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, al…

summarize | Misconfiguration
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
3.2 LOW
CVE-2026-43969 — Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_co…

cowlib | Injection
May 11, 2026 May 21, 2026
May 11, 2026
May 21, 2026
6.3 MEDIUM
CVE-2026-43968 — CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards…

cowlib | Remote | Injection
May 11, 2026 May 21, 2026
May 11, 2026
May 21, 2026
6.9 MEDIUM
CVE-2026-42871 — WeGIA: Error Handling familiar_docfamiliar

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. Thi…

wegia | Remote | Information Disclosure
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
6.7 MEDIUM
CVE-2026-42866 — Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filen…

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open…

| Path Traversal
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
9.9 CRITICAL
CVE-2026-42864 — FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = […

Remote | Authentication
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
Showing 20 of 7490 Results