Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.0 MEDIUM
CVE-2026-33294 — AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resourc…

WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents…

avideo | Remote | Server-Side Request Forgery
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
8.1 HIGH
CVE-2026-33293 — AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Par…

WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitizati…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
7.5 HIGH
CVE-2026-33292 — AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Priva…

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vulnerable to a path traversal attack that allows an unauthenticated attacker to st…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 23, 2026
Mar 22, 2026
Mar 23, 2026
9.0 HIGH
CVE-2026-4553 — Tenda F453 Parameters Natlimit fromNatlimit stack-based overflow

A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page lea…

f453_firmware f453 | Remote | Memory Corruption
Mar 22, 2026 Apr 02, 2026
Mar 22, 2026
Apr 02, 2026
Showing 20 of 6064 Results