Latest CVE Feed

CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

9.8 CRITICAL

CVE-2026-33993 — Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unserialize()` function in `locutus/php/var/unserialize` assigns deserializ…

locutus | Remote | Misconfiguration

Mar 27, 2026 Apr 01, 2026

Mar 27, 2026

Apr 01, 2026

9.3 CRITICAL

CVE-2026-33992 — pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata E…

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request F…

pyload pyload-ng | Remote | Server-Side Request Forgery

Mar 27, 2026 Mar 31, 2026

Mar 27, 2026

Mar 31, 2026

8.8 HIGH

CVE-2026-33991 — WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` …

wegia | Remote | Injection

Mar 27, 2026 Mar 31, 2026

Mar 27, 2026

Mar 31, 2026

5.3 MEDIUM

CVE-2026-33936 — python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signatu…

ecdsa | Remote | Cryptography

Mar 27, 2026 Apr 01, 2026

Mar 27, 2026

Apr 01, 2026

Showing 20 of 5624 Results

Browse by Apps

Latest CVE Feed

Cookie Preferences