Latest CVE Feed

CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

7.1 HIGH

CVE-2026-42069 — Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…

kirby | Remote | Authorization

May 09, 2026 May 18, 2026

May 09, 2026

May 18, 2026

5.3 MEDIUM

CVE-2026-42051 — Kirby: System API endpoint leaks license data and installed version to authenticated users

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patc…

kirby | Remote | Information Disclosure

May 09, 2026 May 18, 2026

May 09, 2026

May 18, 2026

7.5 HIGH

CVE-2026-41311 — LiquidJS is vulnerable to Denial of Service via circular block reference in layout

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo…

liquidjs | Remote | Denial of Service

May 09, 2026 May 14, 2026

May 09, 2026

May 14, 2026

8.7 HIGH

CVE-2026-41163 — bubblewrap vulnerable to privilege escalation in setuid mode via ptrace

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap an…

bubblewrap | Remote | Misconfiguration

May 09, 2026 May 13, 2026

May 09, 2026

May 13, 2026

Showing 20 of 6704 Results

Browse by Apps

Latest CVE Feed

Cookie Preferences