Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.6 HIGH
CVE-2026-32692 — Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret r…

juju | Remote | Authorization
Mar 18, 2026 Mar 19, 2026
Mar 18, 2026
Mar 19, 2026
5.3 MEDIUM
CVE-2026-32691 — Timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Ju…

juju | Remote | Race Condition
Mar 18, 2026 Mar 19, 2026
Mar 18, 2026
Mar 19, 2026
9.0 CRITICAL
CVE-2026-33265 — LibreChat JWT Token Abuse

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.

librechat | Authentication
Mar 18, 2026 Mar 24, 2026
Mar 18, 2026
Mar 24, 2026
8.0 HIGH
CVE-2025-41258 — LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

librechat | Authentication
Mar 18, 2026 Mar 24, 2026
Mar 18, 2026
Mar 24, 2026
Showing 20 of 6504 Results