Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-27677 — Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. …

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.3 MEDIUM
CVE-2026-27676 — Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structu…

Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper…

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
2.0 LOW
CVE-2026-27675 — Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due t…

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2026-27674 — Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and cau…

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.9 MEDIUM
CVE-2026-27673 — Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operation…

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.3 MEDIUM
CVE-2026-27672 — Missing Authorization check in Material Master Application

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a lo…

Remote | Authorization
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.2 MEDIUM
CVE-2026-24318 — Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Pl…

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauth…

businessobjects_business_intelligence_platform | Remote | Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2026-0512 — Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Ha…

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed …

Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2026-6203 — User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_…

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via t…

user_registration_\&_membership | Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-5086 — Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in tim…

| Cryptography
Apr 13, 2026 Apr 14, 2026
Apr 13, 2026
Apr 14, 2026
6.9 MEDIUM
CVE-2026-39979 — jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counte…

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its …

jq | Remote | Memory Corruption
Apr 13, 2026 Apr 14, 2026
Apr 13, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2026-39956 — jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosu…

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() with…

jq | Memory Corruption
Apr 13, 2026 Apr 14, 2026
Apr 13, 2026
Apr 14, 2026
7.5 HIGH
CVE-2026-6224 — nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javas…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.8 MEDIUM
CVE-2026-6220 — HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side…

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handl…

hummerrisk | Remote | Server-Side Request Forgery
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.0 HIGH
CVE-2026-4786 — Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbro…

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the …

python | Injection
Apr 13, 2026 Apr 14, 2026
Apr 13, 2026
Apr 14, 2026
6.2 MEDIUM
CVE-2026-40312 — ImageMagick: Off-by-One in MSL decoder could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malico…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40311 — ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing va…

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40310 — ImageMagick: Heap out-of-bounds write in JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with w…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40183 — ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the im…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.2 MEDIUM
CVE-2026-40169 — ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a y…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
Showing 20 of 6710 Results