Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-6649 — Qibo CMS headers server-side request forgery

A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serv…

Remote | Server-Side Request Forgery
Apr 20, 2026 Apr 29, 2026
Apr 20, 2026
Apr 29, 2026
5.7 MEDIUM
CVE-2026-6369 — Exposed Session Token in canonical-livepatch client snap

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sen…

| Authentication
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
9.8 CRITICAL
CVE-2026-5760 — CVE-2026-5760

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered usin…

sglang | Remote | Injection
Apr 20, 2026 Apr 29, 2026
Apr 20, 2026
Apr 29, 2026
8.4 HIGH
CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conn…

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applian…

loadmaster ecs_connection_manager connection_manager_for_objectscale | Injection
Apr 20, 2026 May 01, 2026
Apr 20, 2026
May 01, 2026
8.4 HIGH
CVE-2026-3519 — OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conn…

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Loa…

loadmaster ecs_connection_manager connection_manager_for_objectscale | Injection
Apr 20, 2026 May 01, 2026
Apr 20, 2026
May 01, 2026
8.4 HIGH
CVE-2026-3518 — OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conn…

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applia…

loadmaster ecs_connection_manager connection_manager_for_objectscale | Injection
Apr 20, 2026 May 01, 2026
Apr 20, 2026
May 01, 2026
8.4 HIGH
CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conn…

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Lo…

loadmaster ecs_connection_manager connection_manager_for_objectscale | Injection
Apr 20, 2026 May 01, 2026
Apr 20, 2026
May 01, 2026
5.3 MEDIUM
CVE-2026-33558 — Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By defau…

kafka | Remote | Information Disclosure
Apr 20, 2026 Apr 22, 2026
Apr 20, 2026
Apr 22, 2026
9.1 CRITICAL
CVE-2026-33557 — Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.…

kafka | Remote | Authentication
Apr 20, 2026 Apr 22, 2026
Apr 20, 2026
Apr 22, 2026
5.3 MEDIUM
CVE-2025-66335 — Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of inten…

doris_mcp_server | Remote | Injection
Apr 20, 2026 Apr 22, 2026
Apr 20, 2026
Apr 22, 2026
5.1 MEDIUM
CVE-2026-6648 — Qibo CMS Internal Message cross site scripting

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti…

Remote | Cross-Site Scripting
Apr 20, 2026 Apr 29, 2026
Apr 20, 2026
Apr 29, 2026
Showing 20 of 6411 Results