Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-27650 — Buffalo Wi-Fi Router OS Command Injection Vulnerability

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

wxr-1900dhp2_firmware wzr-600dhp_firmware wzr-900dhp_firmware wzr-600dhp2_firmware wrm-d2133hp_firmware wrm-d2133hs_firmware +86 more | Remote | Injection
Mar 27, 2026 Mar 31, 2026
Mar 27, 2026
Mar 31, 2026
7.5 HIGH
CVE-2026-22744 — Spring AI Redis Store Unescaped User-Controlled Input in TAG Field

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE}…

spring_ai | Remote | Injection
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
7.5 HIGH
CVE-2026-22743 — Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorF…

spring_ai | Remote | Injection
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
8.6 HIGH
CVE-2026-22742 — Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. …

spring_ai | Remote | Server-Side Request Forgery
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
9.8 CRITICAL
CVE-2026-22738 — SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Executi…

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code.…

spring_ai | Remote | Injection
Mar 27, 2026 Apr 16, 2026
Mar 27, 2026
Apr 16, 2026
6.5 MEDIUM
CVE-2024-14028 — Multiple implicit reads in parallel can result in a crash or denial of service

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02.

smartlink_hw-dp smartlink_hw-pn | Remote | Memory Corruption
Mar 27, 2026 Mar 30, 2026
Mar 27, 2026
Mar 30, 2026
Showing 20 of 5766 Results