Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2026-34928 — Trend Micro Apex One/SEP Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2026-34927 — Trend Micro Apex One/SEP Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to …

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
6.7 MEDIUM
CVE-2026-34926 — "Apex One Directory Traversal Vulnerability"

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents…

| Path Traversal
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
8.4 HIGH
CVE-2026-2740 — Remote Code Execution

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2025-71217 — Trend Micro Apex One (mac) Origin Validation Error Privilege Escalation Vulnerability

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2025-71216 — Trend Micro Apex One (mac) Privilege Escalation Vulnerability

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att…

| Race Condition
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.0 HIGH
CVE-2025-71215 — Trend Micro Apex One (mac) iCore Signature Verification Privilege Escalation

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. …

| Race Condition
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2025-71214 — Trend Micro Apex One (mac) iCore Origin Validation Privilege Escalation Vulnerability

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2025-71213 — Trend Micro Apex One Privilege Escalation Vulnerability

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2025-71212 — Trend Micro Apex One Privilege Escalation Vulnerability

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
9.8 CRITICAL
CVE-2025-71211 — Trend Micro Apex One Unauthenticated Remote Code Execution Vulnerability

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in …

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
9.8 CRITICAL
CVE-2025-71210 — Trend Micro Apex One Remote Code Execution Vulnerability

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.5 HIGH
CVE-2025-13479 — IDOR in PosCube's QR Menu

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug…

Remote | Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2025-13477 — OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.1 MEDIUM
CVE-2026-6841 — Reflected XSS in Request Tracker

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
9.8 CRITICAL
CVE-2026-5118 — Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45760 — Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-43502 — net/rds: handle zerocopy send cleanup before the message is queued

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-43501 — ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-43499 — rtmutex: Use waiter::task instead of current in remove_waiter()

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also use…

| Race Condition
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
Showing 20 of 6268 Results