Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-34910 — "UniFi OS Command Injection Vulnerability"

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Remote | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-34909 — "UniFi OS Path Traversal Vulnerability"

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und…

Remote | Path Traversal
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-34908 — "UniFi OS Improper Access Control Vulnerability"

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Remote | Authorization
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.1 CRITICAL
CVE-2026-33000 — "UniFi OS Command Injection Vulnerability"

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Remote | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
8.1 HIGH
CVE-2026-46727 — Apache Ruby Use-After-Free Remote Crash and Corruption Vulnerability

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remot…

Remote | Race Condition
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-42627 — Arm ArmNN Heap-Based Buffer Over-Read

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based …

| Memory Corruption
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-42626 — HP ENVY 5000 series Printers TCP Connection Overflow

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can…

| Denial of Service
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-36226 — Advantech WebAccess/SCADA Cross Site Scripting

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone…

| Cross-Site Scripting
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-36227 — Easy Chat Server Directory Traversal Vulnerability

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter

| Path Traversal
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-36228 — Easy Chat Server Buffer Overflow Vulnerability

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality

| Memory Corruption
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-37470 — ClipBucket Remote Code Execution Vulnerability

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components

| Authentication
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2025-45145 — Follett Software Destiny Library Manager Directory Traversal Vulnerability

Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter

| Path Traversal
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
2.3 LOW
CVE-2026-8435 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8434 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8433 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8432 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8427 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8416 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8415 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8414 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
Showing 20 of 6053 Results