Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-22007

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22006

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22005

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22004

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22003

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22002

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-22001

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-21999

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-21998

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-21997

None

Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
0.0 NA
CVE-2026-6796 — Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in f…

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the…

| Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
8.8 HIGH
CVE-2026-6819 — HKUDS OpenHarness Plugin Management Command Exposure

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attacker…

Remote | Authentication
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
6.5 MEDIUM
CVE-2026-41320 — Frappe HR has possibility of SQL Injection due to improper field sanitization

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, al…

Remote | Injection
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
8.7 HIGH
CVE-2026-40909 — WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File …

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path …

Remote | Path Traversal
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
5.3 MEDIUM
CVE-2026-40908 — WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes D…

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at the web root executes `git log -1` and returns the full output as JSON to any unauthenticated user…

Remote | Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
6.5 MEDIUM
CVE-2026-40907 — WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Key…

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerabilit…

Remote | Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
9.1 CRITICAL
CVE-2026-40903 — Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the…

Remote | Information Disclosure
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
7.5 HIGH
CVE-2026-40890 — github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > charact…

Remote | Memory Corruption
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
6.5 MEDIUM
CVE-2026-40889 — Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Ver…

Remote | Path Traversal
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
6.5 MEDIUM
CVE-2026-40888 — Frappe HR vulnerable to Improper Access Control

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting…

Remote | Authorization
Apr 21, 2026 Apr 21, 2026
Apr 21, 2026
Apr 21, 2026
Showing 20 of 6264 Results