Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-22743 — Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorF…

spring_ai | Remote | Injection
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
8.6 HIGH
CVE-2026-22742 — Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. …

spring_ai | Remote | Server-Side Request Forgery
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
9.8 CRITICAL
CVE-2026-22738 — SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Executi…

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code.…

spring_ai | Remote | Injection
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
6.5 MEDIUM
CVE-2024-14028 — Multiple implicit reads in parallel can result in a crash or denial of service

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02.

smartlink_hw-dp smartlink_hw-pn | Remote | Memory Corruption
Mar 27, 2026 Mar 30, 2026
Mar 27, 2026
Mar 30, 2026
Showing 20 of 5764 Results