Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-44797 — Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient…

nautobot | Remote | Server-Side Request Forgery
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-44796 — Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regula…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…

nautobot | Remote | Denial of Service
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.4 MEDIUM
CVE-2026-44794 — Nautobot: REST API permits creation of GenericForeignKey references to objects that the u…

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…

nautobot | Remote | Authorization
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
10.0 CRITICAL
CVE-2026-43898 — SandboxJS: Sandbox escape via Function.caller leakage of internal call op

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…

sandboxjs | Remote | Information Disclosure
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
7.5 HIGH
CVE-2026-34126 — Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's T…

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…

tapo_l535e_firmware tapo_l535e tapo_p300_firmware tapo_p300 tapo_d100c_firmware tapo_d100c | Cryptography
May 28, 2026 Jun 03, 2026
May 28, 2026
Jun 03, 2026
9.1 CRITICAL
CVE-2026-9098 — CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…

casdoor | Remote | Authentication
May 28, 2026 Jun 02, 2026
May 28, 2026
Jun 02, 2026
9.8 CRITICAL
CVE-2026-9097 — CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa…

casdoor | Remote | Authentication
May 28, 2026 Jun 02, 2026
May 28, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-9096 — CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War…

casdoor | Remote | Authentication
May 28, 2026 Jun 02, 2026
May 28, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-9095 — CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immedia…

casdoor | Remote | Authentication
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
9.8 CRITICAL
CVE-2026-9094 — CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does …

casdoor | Remote | Authorization
May 28, 2026 Jun 02, 2026
May 28, 2026
Jun 02, 2026
9.8 CRITICAL
CVE-2026-9093 — CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never…

casdoor | Remote | Misconfiguration
May 28, 2026 Jun 02, 2026
May 28, 2026
Jun 02, 2026
9.1 CRITICAL
CVE-2026-9092 — CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without…

casdoor | Remote | Authentication
May 28, 2026 Jun 01, 2026
May 28, 2026
Jun 01, 2026
5.3 MEDIUM
CVE-2026-9091 — CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go c…

casdoor | Remote | Authentication
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
9.1 CRITICAL
CVE-2026-9090 — CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extra…

casdoor | Remote | Authentication
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
8.8 HIGH
CVE-2026-8697 — Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web …

archer_c64_firmware archer_c64 | Authentication
May 28, 2026 Jun 03, 2026
May 28, 2026
Jun 03, 2026
7.2 HIGH
CVE-2026-6720 — Calicoctl leaks cluster credentials to stderr when verbose logging is enabled

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embe…

calico_enterprise calico_cloud calico | Remote | Information Disclosure
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.3 MEDIUM
CVE-2026-47676 — Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for…

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips the mount prefix from the incoming request path using the raw URL pathname, …

hono | Remote | Path Traversal
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.3 MEDIUM
CVE-2026-47675 — Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize() function in hono/cookie validates domain and path options against characters th…

hono | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.3 MEDIUM
CVE-2026-47674 — Hono: IP Restriction bypasses static deny rules for non-canonical IPv6

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against conf…

hono | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-47673 — Hono: JWT middleware accepts any Authorization scheme, not only Bearer

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer sc…

hono | Remote | Authentication
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
Showing 20 of 7230 Results