Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-35453 — PhpSpreadsheet XSS via number format text substitution in HTML Writer

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT…

Remote | Cross-Site Scripting
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
7.6 HIGH
CVE-2026-35397 — jupyter-server path traversal allows access to sibling directories sharing root_dir name …

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d…

Remote | Path Traversal
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
5.4 MEDIUM
CVE-2026-34596 — Sandboxie-Plus local privilege escalation via TOCTOU race condition in UpdUtil addon inst…

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.…

| Race Condition
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
2.0 LOW
CVE-2026-34527 — Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrec…

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high…

| Cryptography
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.8 HIGH
CVE-2026-34464 — Sandboxie-Plus NamedPipeServer OpenHandler stack overflow via unterminated server field

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fix…

| Memory Corruption
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
7.3 HIGH
CVE-2026-34462 — Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string …

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandl…

| Memory Corruption
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
7.3 HIGH
CVE-2026-34461 — Sandboxie-Plus SbieIniServer RunSbieCtrl stack buffer overflow allows local privilege esc…

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_I…

| Memory Corruption
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.8 HIGH
CVE-2026-34459 — Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawI…

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilit…

| Information Disclosure
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
9.3 CRITICAL
CVE-2026-34458 — Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration re…

| Injection
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
9.2 CRITICAL
CVE-2026-34084 — PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t…

phpspreadsheet | Remote | Server-Side Request Forgery
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.3 HIGH
CVE-2026-33975 — twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 address…

Remote | Server-Side Request Forgery
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.2 HIGH
CVE-2026-33489 — CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The l…

coredns | Remote | Misconfiguration
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
5.3 MEDIUM
CVE-2026-33420 — Vaultwarden missing authorization check allows Manager-role users to enumerate all collec…

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing …

Remote | Authorization
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
9.4 CRITICAL
CVE-2026-33324 — SQLBot prompt injection allows arbitrary SQL execution and remote code execution

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que…

Remote | Injection
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.7 HIGH
CVE-2026-33190 — CoreDNS TSIG authentication bypass on encrypted DNS transports

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport w…

coredns | Remote | Authentication
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.7 HIGH
CVE-2026-32936 — CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decodi…

coredns | Remote | Denial of Service
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.7 HIGH
CVE-2026-32934 — CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QU…

coredns | Remote | Denial of Service
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
5.3 MEDIUM
CVE-2026-32699 — FacturaScripts unauthorized modification of immutable nick field via EditUser controller

FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser control…

facturascripts | Remote | Authorization
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
8.2 HIGH
CVE-2026-32603 — Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process

Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege…

| Denial of Service
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
6.8 MEDIUM
CVE-2026-31893 — Tunnelblick arbitrary file read via symlink following in tunnelblickd

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin…

| Path Traversal
May 05, 2026 May 05, 2026
May 05, 2026
May 05, 2026
Showing 20 of 5700 Results