Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
4.7 MEDIUM
CVE-2026-32953 — Tillitis: TKey Client has an Error in Protocol Implementation

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS)…

tkey_client | Cryptography
Mar 20, 2026 Apr 16, 2026
8.8 HIGH
CVE-2026-32950 — SQLBot: RCE via SQL Injection in Excel Upload Endpoint

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoi…

sqlbot | Remote | Injection
Mar 20, 2026 Mar 23, 2026
8.7 HIGH
CVE-2026-32949 — SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retri…

sqlbot | Remote | Server-Side Request Forgery
Mar 20, 2026 Mar 23, 2026
4.9 MEDIUM
CVE-2026-32947 — Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy:…

harden-runner | Remote | Server-Side Request Forgery
Mar 20, 2026 Mar 24, 2026