Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.9 MEDIUM
CVE-2026-8673 — Password re-initialization mechanism sends passwords in plain text

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.

Remote | Cryptography
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
5.1 MEDIUM
CVE-2026-8672 — Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.

| Authentication
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.5 HIGH
CVE-2026-8671 — Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.

| Information Disclosure
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
4.0 MEDIUM
CVE-2025-32746 — Dell PowerFlex Manager Insecure Storage of Sensitive Information Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnera…

| Information Disclosure
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.6 CRITICAL
CVE-2026-8670 — Insecure session handling on metrics web server

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

Remote | Authentication
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
5.3 MEDIUM
CVE-2025-32747 — Dell PowerFlex Manager Privilege Elevation Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…

| Authorization
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
5.3 MEDIUM
CVE-2025-32749 — Dell PowerFlex Manager Directory Listing Information Exposure

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi…

| Information Disclosure
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-44417 — Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RC…

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use…

| Misconfiguration
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-44618 — Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is…

| XML External Entity
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-44930 — Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommende…

| Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
6.5 MEDIUM
CVE-2026-4635 — Persistent notification timing attack causing server denial of service

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to c…

Remote | Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
5.9 MEDIUM
CVE-2026-3473 — Improper file ownership validation in the Boards API allows unauthorised file access

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and down…

Remote | Authorization
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
4.3 MEDIUM
CVE-2026-4646 — Insufficient input validation in GitHub plugin API causes denial of service

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to cr…

Remote | Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
4.3 MEDIUM
CVE-2026-3636 — Sanitize team member data returned by API

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allow…

Remote | Information Disclosure
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.5 HIGH
CVE-2026-5740 — Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unaut…

Remote | Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
4.9 MEDIUM
CVE-2026-5308 — Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a den…

Remote | Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
6.5 MEDIUM
CVE-2026-5755 — Denial of service via crafted TIFF file upload

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic…

Remote | Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
2.3 LOW
CVE-2026-25608 — Lack of traffic encryption in STER

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authen…

Remote | Cryptography
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
5.7 MEDIUM
CVE-2026-25607 — Weak password encoding in STER

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version…

| Cryptography
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
8.7 HIGH
CVE-2026-25606 — SQL Injection in STER

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated …

Remote | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
Showing 20 of 6080 Results