Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.1 CRITICAL
CVE-2026-28369 — Undertow: undertow: request smuggling via malformed http request headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces…

Mar 27, 2026 Mar 31, 2026
9.1 CRITICAL
CVE-2026-28368 — Undertow: undertow: request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. T…

Mar 27, 2026 Mar 31, 2026
9.1 CRITICAL
CVE-2026-28367 — Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, suc…

Mar 27, 2026 Apr 10, 2026
7.2 HIGH
CVE-2025-15616 — Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through v…

wazuh | Remote | Injection
Mar 27, 2026 Mar 31, 2026
7.5 HIGH
CVE-2025-15615 — Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of …

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to ca…

wazuh | Remote | Denial of Service
Mar 27, 2026 Mar 31, 2026
8.1 HIGH
CVE-2025-15381 — Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, includin…

mlflow | Remote | Authorization
Mar 27, 2026 Mar 30, 2026
Showing 20 of 5726 Results