Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-47310 — Samsung Escargot After Free Pointer Manipulation

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

escargot | Remote | Memory Corruption
May 19, 2026 Jun 02, 2026
May 19, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-47309 — Samsung Open Source Escargot Uncontrolled Recursion Deserialization Vulnerability

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

escargot | Remote | Denial of Service
May 19, 2026 Jun 02, 2026
May 19, 2026
Jun 02, 2026
7.5 HIGH
CVE-2025-15609 — Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…

Remote | Information Disclosure
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
7.5 HIGH
CVE-2026-47308 — Samsung Open Source Walrus NULL Pointer Dereference Vulnerability

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

walrus | Remote | Memory Corruption
May 19, 2026 Jun 02, 2026
May 19, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-32994 — Slack API Autotranslate Message ID Information Disclosure Vulnerability

The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any…

rocket.chat | Remote | Authorization
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
7.5 HIGH
CVE-2026-47307 — Samsung Open Source Walrus Null Pointer Dereference Denial of Service Vulnerability

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu…

walrus | Remote | Memory Corruption
May 19, 2026 Jun 02, 2026
May 19, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-33565 — kernel_linux_common_modules has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

openharmony | Denial of Service
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
3.3 LOW
CVE-2026-28751 — filemanagement_storage_service has an improper input validation vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

openharmony | Denial of Service
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
6.5 MEDIUM
CVE-2026-28733 — filemanagement_storage_service has an use after free vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.

openharmony | Memory Corruption
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
3.3 LOW
CVE-2026-27781 — kernel_liteos_a has an integer overflow vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

openharmony | Denial of Service
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
5.5 MEDIUM
CVE-2026-27766 — multimedia_audio_framework has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.

openharmony | Information Disclosure
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
8.8 HIGH
CVE-2026-27648 — web_webview has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

openharmony | Remote | Injection
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
5.5 MEDIUM
CVE-2026-25850 — filemanagement_storage_service has an improper preservation of permissions vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak

openharmony | Information Disclosure
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
8.4 HIGH
CVE-2026-25781 — kernel_liteos_a has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

openharmony | Denial of Service
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
3.3 LOW
CVE-2026-25110 — Sensors_medical_sensor has a NULL pointer dereference vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

openharmony | Denial of Service
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
8.1 HIGH
CVE-2026-24792 — web_webview has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

openharmony | Remote | Memory Corruption
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
7.3 HIGH
CVE-2026-22069 — O+ Connect Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

| Authentication
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
6.0 MEDIUM
CVE-2026-33514 — Discourse: Information Disclosure in Form Template API Due to Missing Authorization

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…

discourse | Remote | Authorization
May 19, 2026 Jun 01, 2026
May 19, 2026
Jun 01, 2026
5.0 MEDIUM
CVE-2026-33234 — AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…

autogpt_platform | Remote | Server-Side Request Forgery
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
7.6 HIGH
CVE-2026-33233 — AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache …

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache byte…

autogpt_platform | Injection
May 19, 2026 May 19, 2026
May 19, 2026
May 19, 2026
Showing 20 of 7020 Results