Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.3 MEDIUM
CVE-2026-32624 — xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat lengt…

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrd…

xrdp | Remote | Memory Corruption
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.7 HIGH
CVE-2026-32623 — xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the mo…

xrdp | Remote | Memory Corruption
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.7 HIGH
CVE-2026-32324 — Anviz CX7 Firmware Use of Hard-coded Cryptographic Key

Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at s…

| Cryptography
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.8 HIGH
CVE-2026-32107 — xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid…

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management c…

xrdp | Authorization
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
9.3 CRITICAL
CVE-2026-32105 — xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in n…

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classi…

xrdp | Remote | Cryptography
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
4.9 MEDIUM
CVE-2026-31927 — Anviz CX7 Firmware Relative Path Traversal

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with deb…

Remote | Path Traversal
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.9 MEDIUM
CVE-2026-6437 — AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creati…

Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
9.1 CRITICAL
CVE-2026-40525 — OpenViking Authentication Bypass via VikingBot OpenAPI

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration…

openviking | Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.5 HIGH
CVE-2026-33337 — Firebird has a buffer overflow when parsing corrupted slice packets

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cs…

firebird | Remote | Memory Corruption
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.2 HIGH
CVE-2026-28224 — Firebird Null Pointer Dereference via CryptCallback causes DOS

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, …

firebird | Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.0 MEDIUM
CVE-2026-28214 — Firebird server hangs when using specific clumplet on batch creation

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when …

firebird | Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.5 HIGH
CVE-2026-28212 — Firebird has potential server crash via null pointer dereference when processing op_slice…

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru…

firebird | Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.2 HIGH
CVE-2026-27890 — Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s…

firebird | Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.1 HIGH
CVE-2026-5718 — Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitr…

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type …

drag_and_drop_multiple_file_upload_-_contact_form_7 | Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.5 HIGH
CVE-2026-5710 — Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limite…

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to t…

drag_and_drop_multiple_file_upload_-_contact_form_7 | Remote | Path Traversal
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
5.4 MEDIUM
CVE-2026-40320 — Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silentl…

| Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
1.0 LOW
CVE-2026-40319 — Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() wit…

| Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.9 HIGH
CVE-2025-65104 — Firebird: Information leak vulnerability in firebird3 client when used with newer server

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher se…

firebird | Information Disclosure
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.1 HIGH
CVE-2026-40518 — ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attacker…

Remote | Path Traversal
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.3 HIGH
CVE-2026-40516 — OpenHarness SSRF via web_fetch and web_search

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by man…

Remote | Server-Side Request Forgery
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
Showing 20 of 6475 Results