Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2026-33583 — Arqit SKA-Platform Vulnerable to Key Exposure

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…

Remote | Information Disclosure
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.8 HIGH
CVE-2026-30906 — Zoom Rooms for Windows Untrusted Search Path Escalation of Privilege Vulnerability

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

| Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.8 HIGH
CVE-2026-30905 — Zoom Workplace VDI Plugin Windows Universal Installer Path TraversalPrivilege Escalation

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca…

| Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
1.8 LOW
CVE-2026-30904 — Zoom Workplace for iOS Information Disclosure Vulnerability

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.

| Information Disclosure
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.5 MEDIUM
CVE-2026-22677 — Hermes WebUI < 0.51.44 - Release T Path Traversal via Session Import Endpoint

Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted ses…

Remote | Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.6 MEDIUM
CVE-2026-0262 — PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending special…

Remote | Denial of Service
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.1 MEDIUM
CVE-2026-0261 — PAN-OS: Authenticated Admin Command Injection Vulnerability

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be …

Remote | Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.0 MEDIUM
CVE-2026-0259 — WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Ap…

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerabili…

Remote | Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.8 MEDIUM
CVE-2026-0258 — PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching

A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests…

Remote | Server-Side Request Forgery
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.7 MEDIUM
CVE-2026-0257 — PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized …

Remote | Authentication
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.4 MEDIUM
CVE-2026-0256 — PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This …

Remote | Cross-Site Scripting
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.9 MEDIUM
CVE-2026-0251 — GlobalProtect App: Local Privilege Escalation Vulnerabilities

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS an…

| Authentication
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.2 MEDIUM
CVE-2026-0250 — GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with S…

| Memory Corruption
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.9 MEDIUM
CVE-2026-0249 — GlobalProtect App: Certificate Validation Bypass Vulnerabilities

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint…

| Cryptography
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.2 MEDIUM
CVE-2026-0248 — Prisma Access Agent: Improper Certificate Validation Vulnerability

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By pr…

| Cryptography
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.9 MEDIUM
CVE-2026-0247 — Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations.

| Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.9 MEDIUM
CVE-2026-0246 — Prisma Access Agent: Local Privilege Escalation Vulnerability

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on ma…

| Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.3 MEDIUM
CVE-2026-0245 — Prisma Access Agent: Information Disclosure Vulnerabilities

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Andro…

| Information Disclosure
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.2 MEDIUM
CVE-2026-0244 — Prisma SD-WAN: Improper Certificate Validation Vulnerability

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller.

| Misconfiguration
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.1 MEDIUM
CVE-2026-0242 — Trust Protection Foundation: SQL Injection Vulnerability

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an at…

| Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
Showing 20 of 6383 Results