Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-8777 — Edimax BR-6428NS POST Request formStaDrvSetup command injection

A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
9.0 HIGH
CVE-2026-8776 — Edimax BR-6428NS POST Request formPPTPSetup buffer overflow

A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulati…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
9.0 HIGH
CVE-2026-8775 — Edimax BR-6428NS POST Request formL2TPSetup buffer overflow

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TP…

Remote | Memory Corruption
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
6.5 MEDIUM
CVE-2026-8774 — Edimax BR-6228NC POST Request mp command injection

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
5.8 MEDIUM
CVE-2026-8773 — linlinjava litemall Database Setting DbUtil.java load argument injection

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall…

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
5.8 MEDIUM
CVE-2026-8772 — linlinjava litemall Admin Endpoint sql injection

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can …

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
7.5 HIGH
CVE-2026-8771 — linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java …

Remote | Injection
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
3.3 LOW
CVE-2026-8770 — continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat…

| Path Traversal
May 18, 2026 May 18, 2026
May 18, 2026
May 18, 2026
4.3 MEDIUM
CVE-2026-8769 — vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource cons…

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/respons…

Remote | Denial of Service
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8768 — vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils.…

Remote | Server-Side Request Forgery
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
5.0 MEDIUM
CVE-2026-8767 — vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manip…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
4.3 MEDIUM
CVE-2026-8766 — Kilo-Org kilocode Environment Variable config.ts load information disclosure

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…

Remote | Information Disclosure
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
4.3 MEDIUM
CVE-2026-8765 — Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
8.3 HIGH
CVE-2026-8764 — H3C Magic B3 aspForm UpdateWanParams buffer overflow

A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffe…

Remote | Memory Corruption
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
0.0 NA
CVE-2026-8721 — Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded N…

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…

| Cryptography
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
0.0 NA
CVE-2026-8507 — Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…

| Memory Corruption
May 17, 2026 May 18, 2026
May 17, 2026
May 18, 2026
0.0 NA
CVE-2026-46720 — Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…

| Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8759 — xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFuncti…

Remote | Injection
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8758 — Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lea…

Remote | Misconfiguration
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
7.5 HIGH
CVE-2026-8757 — adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor…

Remote | Path Traversal
May 17, 2026 May 17, 2026
May 17, 2026
May 17, 2026
Showing 20 of 6161 Results