Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-8620 — IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by…

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggl…

Remote | Misconfiguration
May 26, 2026
7.8 HIGH
CVE-2026-7454 — WRL File Parsing Memory Corruption in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c…

3ds_max | Memory Corruption
May 26, 2026
5.5 MEDIUM
CVE-2026-7453 — WRL File Parsing Memory Exhaustion in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.

3ds_max | Denial of Service
May 26, 2026
7.8 HIGH
CVE-2026-7452 — WRL File Parsing Memory Corruption in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c…

3ds_max | Memory Corruption
May 26, 2026
7.8 HIGH
CVE-2026-7451 — TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data co…

3ds_max | Memory Corruption
May 26, 2026
5.5 MEDIUM
CVE-2026-7450 — PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Max

A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a deni…

3ds_max | Memory Corruption
May 26, 2026
9.8 CRITICAL
CVE-2026-7251 — Eppendorf BioFlo 320 Use of hard-coded password

Eppendorf BioFlo 320 is vulnerable due to the VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain f…

Remote | Authentication
May 26, 2026
0.0 NA
CVE-2026-48696 — FastNetMon Community Edition Buffer Overflow Vulnerability

FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.

Memory Corruption
May 26, 2026
8.1 HIGH
CVE-2026-48695 — MikroTik FastNetMon OS Command Injection Vulnerability

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…

Remote | Injection
May 26, 2026
8.1 HIGH
CVE-2026-48694 — Juniper FastNetMon Configuration Injection Vulnerability

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari…

Remote | Injection
May 26, 2026
9.3 CRITICAL
CVE-2026-47202 — Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given k…

Remote | Authentication
May 26, 2026
9.9 CRITICAL
CVE-2026-46624 — Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. I…

Remote | Injection
May 26, 2026
5.9 MEDIUM
CVE-2026-44776 — Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or gues…

Remote | Authorization
May 26, 2026
6.9 MEDIUM
CVE-2026-44775 — Kavita: No authentication at /api/Reader/image

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with [AllowAnonymous], allowing completely unauthenticated access to page images from an…

Remote | Authentication
May 26, 2026
4.3 MEDIUM
CVE-2026-44749 — Information Disclosure vulnerability in SAP Gateway

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leadi…

Remote | Injection
May 26, 2026
7.2 HIGH
CVE-2026-44730 — OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to inc…

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a differ…

Remote | Authorization
May 26, 2026
8.2 HIGH
CVE-2026-44728 — Improper Control of Generation of Code when compiling specifically crafted malicious code…

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel t…

Memory Corruption
May 26, 2026
6.8 MEDIUM
CVE-2026-44707 — Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enf…

Remote | Authentication
May 26, 2026
8.5 HIGH
CVE-2026-44706 — Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type da…

Remote | Injection
May 26, 2026
8.7 HIGH
CVE-2026-44669 — Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview f…

Remote | Cross-Site Scripting
May 26, 2026