Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-4685 — Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

firefox firefox_esr thunderbird | Remote | Memory Corruption
Mar 24, 2026 Apr 13, 2026
Mar 24, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-4684 — Race condition, use-after-free in the Graphics: WebRender component

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

firefox firefox_esr thunderbird | Remote | Race Condition
Mar 24, 2026 Apr 13, 2026
Mar 24, 2026
Apr 13, 2026
9.1 CRITICAL
CVE-2026-33475 — Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repo…

langflow | Remote | Injection
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
9.9 CRITICAL
CVE-2026-33309 — Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to t…

langflow | Remote | Path Traversal
Mar 24, 2026 Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Showing 20 of 6404 Results