Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.7 HIGH
CVE-2026-49957 — Hermes WebUI < 0.51.269 Workspace Boundary Bypass via api/workspace.py

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…

Remote | Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.1 HIGH
CVE-2026-49956 — Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…

Remote | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.9 MEDIUM
CVE-2026-49955 — Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey option…

Remote | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.3 MEDIUM
CVE-2026-49848 — FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49847 — FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.3 MEDIUM
CVE-2026-49843 — FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_vert…

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49842 — FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.8 CRITICAL
CVE-2026-49841 — FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.1 CRITICAL
CVE-2026-49840 — FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49475 — FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.3 MEDIUM
CVE-2026-49472 — FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.8 HIGH
CVE-2026-49161 — Microsoft PC Manager Security Feature Bypass Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

pc_manager
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49160 — HTTP.sys Denial of Service Vulnerability

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

windows_10 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 windows_server_2025
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.8 HIGH
CVE-2026-48583 — Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

windows_10 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 windows_server_2025
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.9 HIGH
CVE-2026-48578 — Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.9 HIGH
CVE-2026-48576 — Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.9 HIGH
CVE-2026-48575 — Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.8 HIGH
CVE-2026-48574 — Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.9 HIGH
CVE-2026-48573 — Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.9 HIGH
CVE-2026-48570 — Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
Showing 20 of 7465 Results