Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-34178 — Importing a crafted backup leads to project restriction bypass

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a …

lxd | Remote | Misconfiguration
Apr 09, 2026 Apr 22, 2026
Apr 09, 2026
Apr 22, 2026
9.1 CRITICAL
CVE-2026-34177 — VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of k…

lxd | Remote | Misconfiguration
Apr 09, 2026 Apr 22, 2026
Apr 09, 2026
Apr 22, 2026
7.5 HIGH
CVE-2025-62188 — Apache DolphinScheduler: Users can access sensitive information through the actuator endp…

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, inclu…

dolphinscheduler | Remote | Information Disclosure
Apr 09, 2026 Apr 17, 2026
Apr 09, 2026
Apr 17, 2026
10.0 HIGH
CVE-2026-5854 — Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing …

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 27, 2026
Apr 09, 2026
Apr 27, 2026
10.0 HIGH
CVE-2026-5853 — Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 27, 2026
Apr 09, 2026
Apr 27, 2026
10.0 HIGH
CVE-2026-5852 — Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the ar…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 27, 2026
Apr 09, 2026
Apr 27, 2026
10.0 HIGH
CVE-2026-5851 — Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of t…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 27, 2026
Apr 09, 2026
Apr 27, 2026
10.0 HIGH
CVE-2026-5850 — Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 27, 2026
Apr 09, 2026
Apr 27, 2026
9.8 CRITICAL
CVE-2026-5849 — Tenda i12 HTTP path traversal

A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack …

i12 i12_firmware | Remote | Path Traversal
Apr 09, 2026 Apr 30, 2026
Apr 09, 2026
Apr 30, 2026
5.8 MEDIUM
CVE-2026-5848 — jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat…

jimureport | Remote | Injection
Apr 09, 2026 Apr 29, 2026
Apr 09, 2026
Apr 29, 2026
Showing 20 of 5790 Results