Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.8 HIGH
CVE-2026-23275 — io_uring: ensure ctx->rings is stable for task work flags manipulation

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is …

linux_kernel | Race Condition
Mar 20, 2026 Apr 02, 2026
7.8 HIGH
CVE-2026-23274 — netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and al…

linux_kernel | Misconfiguration
Mar 20, 2026 Apr 18, 2026
7.8 HIGH
CVE-2026-23273 — macvlan: observe an RCU grace period in macvlan_common_newlink() error path

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens af…

linux_kernel | Race Condition
Mar 20, 2026 Apr 02, 2026
7.8 HIGH
CVE-2026-23272 — netfilter: nf_tables: unconditionally bump set->nelems before insertion

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets publishe…

linux_kernel | Race Condition
Mar 20, 2026 Apr 02, 2026
7.8 HIGH
CVE-2026-23271 — perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabl…

linux_kernel | Race Condition
Mar 20, 2026 Apr 02, 2026
8.7 HIGH
CVE-2026-33191 — free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacke…

free5gc udm | Remote | Injection
Mar 20, 2026 Mar 23, 2026
6.9 MEDIUM
CVE-2026-33065 — free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscript…

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into …

free5gc udm | Remote | Misconfiguration
Mar 20, 2026 Mar 23, 2026
8.7 HIGH
CVE-2026-33064 — free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sd…

free5gc udm | Remote | Memory Corruption
Mar 20, 2026 Mar 23, 2026
5.8 MEDIUM
CVE-2026-33061 — Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side obje…

jexactyl | Cross-Site Scripting
Mar 20, 2026 Apr 14, 2026
5.7 MEDIUM
CVE-2026-33060 — CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requ…

ckan_mcp_server | Remote | Server-Side Request Forgery
Mar 20, 2026 Apr 17, 2026
9.8 CRITICAL
CVE-2026-33057 — Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests u…

mesop | Remote | Authentication
Mar 20, 2026 Mar 24, 2026
6.5 MEDIUM
CVE-2026-33056 — tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path t…

tar tar-rs | Remote | Path Traversal
Mar 20, 2026 Mar 24, 2026
6.5 MEDIUM
CVE-2026-33022 — Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/Pipeli…

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.…

tekton_pipelines | Remote | Denial of Service
Mar 20, 2026 Mar 24, 2026