Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.6 HIGH
CVE-2026-44516 — Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClie…

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls …

Remote | Information Disclosure
May 14, 2026
2.3 LOW
CVE-2026-44515 — Nextcloud News: Authenticated blind SSRF via feed URL

Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…

Remote | Server-Side Request Forgery
May 14, 2026
6.5 MEDIUM
CVE-2026-44514 — Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from aut…

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…

Remote | Authentication
May 14, 2026
8.8 HIGH
CVE-2026-44513 — Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components

Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p…

Remote | Supply Chain
May 14, 2026
7.4 HIGH
CVE-2026-44511 — Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a v…

Remote | Authentication
May 14, 2026
2.5 LOW
CVE-2026-44348 — PoDoFo: Double-free vulnerability in compute_hash_to_sign()

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…

| Memory Corruption
May 14, 2026
5.8 MEDIUM
CVE-2026-44312 — css_parser allows to MITM included https css urls

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when s…

Remote | Misconfiguration
May 14, 2026
9.1 CRITICAL
CVE-2026-42555 — Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by adm…

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.val…

Remote | Injection
May 14, 2026
8.6 HIGH
CVE-2026-20224 — Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system.…

Remote | XML External Entity
May 14, 2026
5.4 MEDIUM
CVE-2026-20210 — Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform …

Remote | Authorization
May 14, 2026
5.4 MEDIUM
CVE-2026-20209 — Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low …

Remote | Authorization
May 14, 2026
10.0 CRITICAL
CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new v…

Remote | Authentication
May 14, 2026
2.6 LOW
CVE-2025-62317 — HCL AION is affected by a vulnerability where sensitive information may be included in UR…

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary syst…

| Information Disclosure
May 14, 2026
2.3 LOW
CVE-2025-62316 — HCL AION is affected by a vulnerability where certain security-related HTTP response head…

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based securi…

| Misconfiguration
May 14, 2026
5.4 MEDIUM
CVE-2025-62313 — HCL AION is affected by a vulnerability where adequate protections against brute-force at…

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized …

| Authentication
May 14, 2026
3.0 LOW
CVE-2025-62312 — HCL AION is affected by a vulnerability where basic authorization tokens are used for aut…

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse,…

| Authentication
May 14, 2026
4.3 MEDIUM
CVE-2025-62311 — HCL AION is affected by a vulnerability where backend service details may be transmitted …

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a…

| Information Disclosure
May 14, 2026
5.4 MEDIUM
CVE-2025-62310 — HCL AION is affected by a vulnerability where encryption is not enforced for certain data…

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized …

| Cryptography
May 14, 2026
2.6 LOW
CVE-2025-62309 — HCL AION is affected by a vulnerability where auto-complete functionality is enabled for …

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to…

| Information Disclosure
May 14, 2026
5.1 MEDIUM
CVE-2025-62308 — HCL AION is affected by a vulnerability where sensitive backend infrastructure details ma…

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,…

| Information Disclosure
May 14, 2026
Showing 20 of 6358 Results