Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-46340 — Netty: SCTP reassembly nests buffers without bound

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessag…

netty | Remote | Denial of Service
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
8.7 HIGH
CVE-2026-45674 — Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bai…

netty | Remote | Information Disclosure
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.8 MEDIUM
CVE-2026-45673 — Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating…

netty | Remote | Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
4.0 MEDIUM
CVE-2026-45536 — Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[…

netty | Denial of Service
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.5 HIGH
CVE-2026-45416 — Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handsha…

netty | Remote | Denial of Service
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.5 HIGH
CVE-2026-44894 — Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Fi…

netty | Remote | Authentication
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.5 HIGH
CVE-2026-44893 — Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HA…

netty | Remote | Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.9 MEDIUM
CVE-2026-44205 — Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browse…

Remote | Cross-Site Scripting
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.9 MEDIUM
CVE-2026-41581 — Frappe Vulnerable to Possible SQL Injection via get_blog_list

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.…

Remote | Injection
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
9.8 CRITICAL
CVE-2026-10557 — Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentia…

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are re…

Remote | Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.9 MEDIUM
CVE-2026-49993 — @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when…

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete …

| Information Disclosure
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.3 MEDIUM
CVE-2026-47200 — Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_islan…

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0…

nuxt | Remote | Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
2.3 LOW
CVE-2026-46342 — Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-…

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.…

nuxt | Remote | Injection
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.9 MEDIUM
CVE-2026-45670 — Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHS…

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incompl…

nuxt | Information Disclosure
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.3 MEDIUM
CVE-2026-45669 — Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redi…

nuxt | Remote | Cross-Site Scripting
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.3 MEDIUM
CVE-2026-1836 — Stored credentials in Redmine

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login cred…

| Information Disclosure
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.5 HIGH
CVE-2026-12066 — PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler.…

Remote | Authentication
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
1.8 LOW
CVE-2026-12065 — Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for cust…

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper a…

| Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
8.5 HIGH
CVE-2026-11967 — Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because t…

| Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
8.5 HIGH
CVE-2026-11879 — Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified b…

| Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
Showing 20 of 6958 Results