Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
9.0 CRITICAL
CVE-2026-32891 — Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jell…

anchorr | Remote | Cross-Site Scripting
Mar 20, 2026 Mar 27, 2026
9.6 CRITICAL
CVE-2026-32890 — Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltr…

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulner…

anchorr anchorr | Remote | Cross-Site Scripting
Mar 20, 2026 Mar 27, 2026
6.5 MEDIUM
CVE-2026-32889 — tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 …

tinytag | Remote | Denial of Service
Mar 20, 2026 Mar 30, 2026
8.8 HIGH
CVE-2026-32888 — Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Function…

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom att…

open_source_point_of_sale | Remote | Injection
Mar 20, 2026 Apr 08, 2026
5.3 MEDIUM
CVE-2026-31869 — Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_n…

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerController#mentions endpoint reveals hidden group membership to any authentic…

discourse | Remote | Information Disclosure
Mar 20, 2026 Mar 24, 2026
8.2 HIGH
CVE-2026-31805 — Discourse has a poll authorization bypass via post_id array parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove…

discourse | Remote | Authorization
Mar 20, 2026 Mar 24, 2026
6.5 MEDIUM
CVE-2026-30891 — Discourse has Unauthorized Exposure of Private User Action Types

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization che…

discourse | Remote | Authorization
Mar 20, 2026 Mar 24, 2026
5.3 MEDIUM
CVE-2026-30889 — Discourse has Unauthorized Post Data Exposure in discourse-user-notes

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts t…

discourse | Remote | Authorization
Mar 20, 2026 Mar 24, 2026
5.5 MEDIUM
CVE-2026-30888 — Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence end…

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that the…

discourse | Remote | Authorization
Mar 20, 2026 Mar 24, 2026
9.8 CRITICAL

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Serv…

Mar 20, 2026 Mar 23, 2026