Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-42369 — GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.9 CRITICAL
CVE-2026-42368 — GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attack…

Remote | Authorization
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-42367 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via …

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker …

Remote | Information Disclosure
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.4 HIGH
CVE-2026-42366 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vu…

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…

Remote | Cross-Site Scripting
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
8.6 HIGH
CVE-2026-42365 — GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. …

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.9 CRITICAL
CVE-2026-42364 — GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerabil…

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7713 — crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_tok…

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo…

Remote | Authorization
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7712 — MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss…

Remote | Misconfiguration
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.5 HIGH
CVE-2026-7711 — MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing…

Remote | Misconfiguration
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.5 HIGH
CVE-2026-7710 — YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal impro…

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
4.9 MEDIUM
CVE-2026-6948 — Unbounded Memory Allocation in VQLResponse Result-Set Writer

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server …

Remote | Denial of Service
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7709 — janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation…

Remote | Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7708 — Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7707 — Open5GS UDR nudr-handler.c udr_nudr_dr_handle_subscription_context denial of service

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the ar…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7706 — Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to de…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
6.5 MEDIUM
CVE-2026-7705 — JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argum…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7704 — AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path tra…

| Path Traversal
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
7.5 HIGH
CVE-2026-7703 — AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be i…

Remote | Injection
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
5.5 MEDIUM
CVE-2026-7702 — toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview E…

Remote | Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
5.0 MEDIUM
CVE-2026-7701 — Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the compon…

Remote | Memory Corruption
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
Showing 20 of 5502 Results