Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2026-3336 — PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the fin…

Remote | Misconfiguration
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
6.5 MEDIUM
CVE-2026-2256 — Command injection vulnerability in ModelScope's ms-agent

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived in…

Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
2.7 LOW
CVE-2026-27631 — Exiv2: Uncaught exception - cannot create std::vector larger than max_size()

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vuln…

exiv2 | Remote | Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
2.7 LOW
CVE-2026-27596 — Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vuln…

exiv2 | Remote | Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-26713 — Code-Projects Simple Food Order System SQL Injection

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.

simple_food_order_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-26712 — Code-Projects Simple Food Order System SQL Injection Vulnerability

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.

simple_food_order_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
2.7 LOW
CVE-2026-25884 — Exiv2: Out-of-bounds read in CrwMap::decode0x0805

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability…

exiv2 | Remote | Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.9 MEDIUM
CVE-2026-25477 — AFFiNE: Open Redirect via Regex Bypass in redirect-proxy

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in th…

Remote | Misconfiguration
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2026-21882 — theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-ex…

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via com…

| Misconfiguration
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-26711 — Code-Projects Simple Food Order System SQL Injection Vulnerability

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.

simple_food_order_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-26710 — Code-Projects Simple Food Order System SQL Injection

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.

simple_food_order_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
0.0 NA
CVE-2026-26709 — Code-Projects Simple Gym Management System SQL Injection

code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.

| Injection
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.8 HIGH
CVE-2026-21853 — AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embed…

Remote | Injection
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.4 HIGH
CVE-2026-0047 — Android ActivityManagerService dumpBitmapsProto Local Privilege Escalation

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privileg…

android | Authorization
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2026-0038 — Apache MemProtect Local Privilege Escalation Vulnerability

In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional executi…

android | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2026-0037 — FFA Memory Corruption Privilege Escalation Vulnerability

In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed…

android | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2026-0035 — Apache MediaProvider Local Privilege Escalation

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of pri…

android | Path Traversal
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2026-0034 — Apache ManagedServices Local Privilege Escalation

In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no addi…

android | Authorization
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.8 HIGH
CVE-2026-0032 — Apache Memprotect Out-of-Bounds Write Vulnerability

In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privile…

android | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.4 HIGH
CVE-2026-0031 — Apache MemProtect Integer Overflow Write Vulnerability

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges ne…

android | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
Showing 20 of 4961 Results