Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-57896 — AutomationDirect Productivity Suite Out-of-bounds Read

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information …

productivity_suite | Memory Corruption
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.1 HIGH
CVE-2026-55173 — AVideo incomplete fix for CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&'…

WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because the fix for CVE-2026-33482 was incomplete and still does not neutralize a singl…

avideo | Remote | Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.0 HIGH
CVE-2026-53410 — Zoom Clients for Windows - Race Condition

A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privilege…

| Race Condition
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.8 HIGH
CVE-2026-53409 — Zoom Rooms for Windows Privilege Escalation

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.

| Authorization
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.6 HIGH
CVE-2026-44023 — Docling Core has unsafe remote filename resolution

Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remo…

docling-core | Remote | Server-Side Request Forgery
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.1 HIGH
CVE-2026-44019 — Docling Core has insufficient validation of image reference URIs

Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image re…

docling-core | Remote | Path Traversal
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
0.0 NA
CVE-2026-38158 — UReport SQL Injection

A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements.

| Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
0.0 NA
CVE-2026-36425 — OPSWAT AppRemover Driver Improper Access Control Vulnerability

An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user can open the device and send process termination requests without privilege va…

| Authorization
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
6.5 MEDIUM
CVE-2026-33731 — AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflatio…

WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an a…

avideo | Remote | Authorization
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.5 HIGH
CVE-2026-33692 — AVideo Has Unauthenticated .env File Exposure via Official Docker Compose Configuration

WWBN AVideo is an open source video platform. Versions prior to 29.0 expose .env files to unauthenticated users through the official Docker compose configuration. The official docker-compose.yml moun…

avideo | Remote | Misconfiguration
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.1 HIGH
CVE-2026-11889 — SALTO ProAccess Space Authorization Bypass Through User-Controlled Key

SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by th…

Remote | Authorization
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.1 HIGH
CVE-2024-34268 — EQ-3 Eqiva CC-RT-BLE Bluetooth Authentication Bypass

EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain fu…

| Authentication
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
3.5 LOW
CVE-2024-32389 — Kerlink Wirnet iStation Buffer Overflow Vulnerability

Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the update URLs component.

| Memory Corruption
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
5.7 MEDIUM
CVE-2024-32387 — Kerlink Wirnet iStation SNMP Information Disclosure

An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the community string component.

| Information Disclosure
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.3 HIGH
CVE-2024-32386 — Kerlink Wirnet iStation Directory Traversal Vulnerability

Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the SNMP update mechanism.

| Path Traversal
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
4.3 MEDIUM
CVE-2024-32385 — Kerlink Wirnet iStation Information Disclosure Vulnerability

An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via a boardID and revisionID components

| Information Disclosure
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.1 HIGH
CVE-2026-63397 — remorses/genql code injection

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is inj…

Remote | Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
9.3 CRITICAL
CVE-2026-63089 — WireGuard Easy Weak Token Generation Information Disclosure via OTL Route

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGua…

Remote | Cryptography
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
3.7 LOW
CVE-2026-62994 — CoreDNS `k8s_external` headless AXFR can emit an empty transfer batch that panics the `tr…

CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8s_external headle…

Remote | Denial of Service
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.7 HIGH
CVE-2026-62963 — Centrifugo: Decompression bomb DoS via permessage-deflate in unidirectional WebSocket tra…

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uni_websocket.compression enabled enforced uni_websocket.message_s…

centrifugo | Remote | Denial of Service
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
Showing 20 of 8332 Results