Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-40340 — libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo res…

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The …

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
5.2 MEDIUM
CVE-2026-40339 — libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormFlag parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function read…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
5.2 MEDIUM
CVE-2026-40338 — libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
5.1 MEDIUM
CVE-2026-40337 — Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task…

| Denial of Service
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
2.4 LOW
CVE-2026-40336 — libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pac…

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a se…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
5.2 MEDIUM
CVE-2026-40335 — libgphoto2 has OOB read in ptp_unpack_DPV() UINT128/INT128 handling in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and I…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
3.5 LOW
CVE-2026-40334 — libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The functi…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
6.1 MEDIUM
CVE-2026-40333 — libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx()…

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded…

| Memory Corruption
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
9.1 CRITICAL
CVE-2026-40324 — Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A c…

Remote | Denial of Service
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
8.9 HIGH
CVE-2026-40323 — SP1 V6 Recursion Circuit Row-Count Binding Gap

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 re…

Remote | Misconfiguration
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
7.5 HIGH
CVE-2026-2262 — Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…

easy_appointments | Remote | Information Disclosure
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
4.3 MEDIUM
CVE-2026-40486 — Kimai's User Preferences API allows standard users to modify restricted attributes: hourl…

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without chec…

kimai | Remote | Authorization
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.2 HIGH
CVE-2026-40481 — monetr: Unauthenticated Stripe webhook reads attacker-sized request bodies before signatu…

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe sig…

Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
5.4 MEDIUM
CVE-2026-40479 — Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget

Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a us…

kimai | Remote | Cross-Site Scripting
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.4 MEDIUM
CVE-2026-2434 — Pz-LinkCard <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sho…

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanit…

pz-linkcard | Remote | Cross-Site Scripting
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.1 HIGH
CVE-2026-5720 — miniupnpd Integer Underflow SOAPAction Header Parsing

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio…

| Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
9.0 CRITICAL
CVE-2026-40478 — Improper neutralization of specific syntax patterns for unauthorized expressions in Thyme…

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanism…

thymeleaf | Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
9.0 CRITICAL
CVE-2026-40477 — Improper restriction of the scope of accessible objects in Thymeleaf expressions

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. A…

thymeleaf | Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.9 MEDIUM
CVE-2026-40476 — graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged v…

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response n…

Remote | Denial of Service
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.6 HIGH
CVE-2026-40474 — wger has Broken Access Control in the Global Gym Configuration Update Endpoint

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead…

wger | Remote | Authorization
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
Showing 20 of 6477 Results