Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2025-5088 — Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on…

Remote | Authentication
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
0.0 NA
CVE-2026-9270 — DataDog::DogStatsd versions through 0.07 for Perl allow metric injections

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_s…

| Injection
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
3.1 LOW
CVE-2026-48102 — GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse…

Remote | Memory Corruption
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
6.5 MEDIUM
CVE-2026-48101 — GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCa…

Remote | Memory Corruption
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
0.0 NA
CVE-2026-11362 — DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour…

| Injection
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
6.5 MEDIUM
CVE-2026-11336 — tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file …

collegemanagementsystem | Remote | Authorization
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
8.8 HIGH
CVE-2026-48095 — GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer u…

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCu…

Remote | Memory Corruption
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
4.3 MEDIUM
CVE-2026-48092 — 7-Zip SquashFS Fragment Offset Overflow (GHSL-2026-116)

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove…

Remote | Memory Corruption
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
0.0 NA
CVE-2026-38579 — Damasac thaipalliative_lte Reflected Cross-Site Scripting

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame…

| Cross-Site Scripting
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
6.5 MEDIUM
CVE-2026-37737 — Sanic-CORS Regex Bypass Vulnerability

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypas…

Remote | Authorization
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
7.5 HIGH
CVE-2026-11335 — tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /…

collegemanagementsystem | Remote | Authentication
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
7.5 HIGH
CVE-2026-11334 — tittuvarghese CollegeManagementSystem fetch.php sql injection

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file d…

collegemanagementsystem | Remote | Injection
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
6.5 MEDIUM
CVE-2026-11333 — tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.ph…

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unkno…

collegemanagementsystem | Remote | Misconfiguration
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
0.0 NA
CVE-2026-10879 — DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements wi…

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for…

| Memory Corruption
Jun 05, 2026 Jun 06, 2026
Jun 05, 2026
Jun 06, 2026
7.1 HIGH
CVE-2025-59174 — Ericsson Packet Core Controller Denial of Service

Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

packet_core_controller | Denial of Service
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
5.3 MEDIUM
CVE-2020-25900 — HelloTalk GPS Data Leak

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client …

Remote | Information Disclosure
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
6.1 MEDIUM
CVE-2026-50235 — Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attacke…

Remote | Cross-Site Scripting
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
7.5 HIGH
CVE-2026-50234 — Lyrion Music Server 9.2.0 Path Traversal File Read

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …

Remote | Path Traversal
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
5.3 MEDIUM
CVE-2026-50233 — Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonr…

Remote | Information Disclosure
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
7.2 HIGH
CVE-2026-50232 — Lyrion Music Server 9.2.0 Stored XSS via Metadata Tags

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…

Remote | Cross-Site Scripting
Jun 05, 2026 Jun 05, 2026
Jun 05, 2026
Jun 05, 2026
Showing 20 of 7216 Results