Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-7714 — crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authenticati…

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This …

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.0 CRITICAL
CVE-2026-7372 — GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.4 HIGH
CVE-2026-7371 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vu…

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…

Remote | Cross-Site Scripting
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.3 CRITICAL
CVE-2026-7161 — GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…

Remote | Cryptography
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.0 CRITICAL
CVE-2026-42370 — GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
10.0 CRITICAL
CVE-2026-42369 — GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.9 CRITICAL
CVE-2026-42368 — GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attack…

Remote | Authorization
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-42367 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via …

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker …

Remote | Information Disclosure
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.4 HIGH
CVE-2026-42366 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vu…

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…

Remote | Cross-Site Scripting
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
8.6 HIGH
CVE-2026-42365 — GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. …

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.9 CRITICAL
CVE-2026-42364 — GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerabil…

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7713 — crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_tok…

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo…

Remote | Authorization
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7712 — MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss…

Remote | Misconfiguration
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.5 HIGH
CVE-2026-7711 — MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing…

Remote | Misconfiguration
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.5 HIGH
CVE-2026-7710 — YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal impro…

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
4.9 MEDIUM
CVE-2026-6948 — Unbounded Memory Allocation in VQLResponse Result-Set Writer

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server …

Remote | Denial of Service
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7709 — janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation…

Remote | Authorization
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7708 — Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7707 — Open5GS UDR nudr-handler.c udr_nudr_dr_handle_subscription_context denial of service

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the ar…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
4.3 MEDIUM
CVE-2026-7706 — Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to de…

Remote | Denial of Service
May 03, 2026 May 03, 2026
May 03, 2026
May 03, 2026
Showing 20 of 5507 Results