Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-11466 — zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the…

| Authorization
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
0.0 NA
CVE-2026-11465 — songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-…

Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
0.0 NA
CVE-2026-11464 — JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.j…

| Information Disclosure
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
6.5 MEDIUM
CVE-2026-11461 — NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title author…

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipul…

hermes-agent | Remote | Authorization
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
0.0 NA
CVE-2026-11463 — USCiLab Cereal Shared Pointer type confusion

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack …

| Memory Corruption
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
0.0 NA
CVE-2026-11462 — Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callbac…

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the compo…

| Authorization
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11460 — Boost Serialization improper validation of specified type of input

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initia…

Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
8.7 HIGH
CVE-2026-49494 — Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixe…

internet_security | Remote | Memory Corruption
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
3.3 LOW
CVE-2026-11459 — SecureAge CatchPulse IOCTL saappctl.sys information disclosure

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to …

catchpulse | Information Disclosure
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
5.5 MEDIUM
CVE-2026-11458 — erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Ac…

jeewms | Remote | Information Disclosure
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11457 — erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the …

jeewms | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11456 — Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument g…

crm | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
5.0 MEDIUM
CVE-2026-11455 — FoundationAgents MetaGPT common.py check_cmd_exists command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument …

metagpt | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
6.5 MEDIUM
CVE-2026-11453 — Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoin…

employee_self-service_system | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11452 — GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11451 — GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
7.5 HIGH
CVE-2026-11450 — GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
6.5 MEDIUM
CVE-2026-11449 — GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipu…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
5.8 MEDIUM
CVE-2026-11448 — GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
6.5 MEDIUM
CVE-2026-11447 — GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument devi…

gl-mt3000_firmware | Remote | Injection
Jun 07, 2026 Jun 07, 2026
Jun 07, 2026
Jun 07, 2026
Showing 20 of 6688 Results