Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-4538 — PyTorch pt2 Loading deserialization

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be p…

| Misconfiguration
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.8 MEDIUM
CVE-2026-4537 — Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c…

Remote | Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
7.5 HIGH
CVE-2026-4536 — Acrel Environmental Monitoring Cloud Platform unrestricted upload

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may …

Remote | Misconfiguration
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
9.0 HIGH
CVE-2026-4535 — Tenda FH451 WrlclientSet stack-based overflow

A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based…

Remote | Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
9.0 HIGH
CVE-2026-4534 — Tenda FH451 WrlExtraSet formWrlExtraSet stack-based overflow

A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The a…

Remote | Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
8.8 HIGH
CVE-2026-4314 — The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privi…

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequ…

Remote | Authorization
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.4 MEDIUM
CVE-2026-3427 — Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonT…

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, an…

Remote | Cross-Site Scripting
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.5 MEDIUM
CVE-2026-4533 — code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Statu…

Remote | Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
2.0 LOW
CVE-2026-33550 — SOGo OTP Weakness

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

Remote | Authentication
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.7 MEDIUM
CVE-2026-33549 — SPIP Unintended Privilege Assignment Vulnerability

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Remote | Authorization
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.4 MEDIUM
CVE-2025-71276 — SOGo Cross-Site Scripting Vulnerability

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

Remote | Cross-Site Scripting
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.5 MEDIUM
CVE-2026-4532 — code-projects Simple Food Ordering System Database Backup food.sql file access

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the com…

Remote | Path Traversal
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2026-4531 — Free5GC AMF handler.go HandleRegistrationComplete denial of service

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to den…

Remote | Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25589 — ZOC Terminal 7.23.4 Buffer Overflow Denial of Service

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attac…

| Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25588 — BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. At…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25587 — BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessiv…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25586 — Deluge 1.3.15 Denial of Service via URL Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25585 — Deluge 1.3.15 Denial of Service via Webseeds Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buff…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25584 — RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. At…

| Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.9 MEDIUM
CVE-2019-25583 — RarmaRadio 2.72.3 Username Field Denial of Service

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buf…

| Denial of Service
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
Showing 20 of 5465 Results