Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-33590 — Insecure default permissions in Portainer CE

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with end…

Remote | Authorization
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-33464 — Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially …

kibana | Remote | Denial of Service
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.3 MEDIUM
CVE-2026-33463 — Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized…

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-b…

kibana | Remote | Authorization
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
7.3 HIGH
CVE-2026-33462 — Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifi…

kibana | Remote | Path Traversal
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
8.7 HIGH
CVE-2026-32847 — DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying…

deepcode | Remote | Path Traversal
May 28, 2026 Jun 03, 2026
May 28, 2026
Jun 03, 2026
8.8 HIGH
CVE-2026-4944 — Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and …

vllm | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47337 — NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47336 — Use of uninitialized value in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation rules

Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and…

ubuntu_linux | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47335 — NULL pointer dereference in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a …

ubuntu_linux | Denial of Service
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47334 — Deadlock or kernel panic in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user an…

ubuntu_linux | Race Condition
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
7.8 HIGH
CVE-2026-47333 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification han…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47332 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can…

ubuntu_linux | Information Disclosure
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
7.8 HIGH
CVE-2026-47331 — Use-after-free in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-fr…

ubuntu_linux | Race Condition
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47330 — Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri…

ubuntu_linux | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47329 — Incorrect validation of field size in Ubuntu Linux AppArmor notification responses

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.1 MEDIUM
CVE-2026-47328 — Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
3.3 LOW
CVE-2026-47327 — NULL pointer dereference in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c…

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
5.5 MEDIUM
CVE-2026-47326 — Memory leak in Ubuntu Linux AppArmor large notification response allocation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory …

ubuntu_linux | Memory Corruption
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.9 MEDIUM
CVE-2026-47136 — RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…

rustfs | Remote | Information Disclosure
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
6.0 MEDIUM
CVE-2026-46685 — RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata…

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…

rustfs | Remote | Misconfiguration
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
Showing 20 of 7159 Results