Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-39047 — EPSON L14150 Buffer Overflow Remote Code Execution

Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2025-32750 — Dell PowerFlex Manager Directory Listing Vulnerability

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi…

Remote | Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
4.1 MEDIUM
CVE-2023-7346 — Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…

| Cryptography
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-8485 — Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

moveit_automation | Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.2 HIGH
CVE-2026-8469 — Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
9.5 CRITICAL
CVE-2026-8467 — Unauthenticated remote code execution via HEEx template injection in phoenix_storybook pl…

Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign…

Remote | Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
2.3 LOW
CVE-2026-47068 — Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Stor…

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.8 HIGH
CVE-2026-24425 — Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…

Remote | Misconfiguration
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.8 HIGH
CVE-2026-22554 — MediaArea MediaInfoLib Heap Overflow

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
6.5 MEDIUM
CVE-2026-21836 — HCL DominoIQ is affected by broken access control

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability.  Under certain circumstances, document level access restrictions will be ignored when determining what data to retur…

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.3 MEDIUM
CVE-2026-5950 — Unbounded resend loop in BIND 9 resolver

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-5947 — SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. …

Remote | Race Condition
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-5946 — Invalid handling of CLASS != IN

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…

Remote | Denial of Service
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
8.1 HIGH
CVE-2026-45584 — Microsoft Defender Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.5 HIGH
CVE-2026-45498 — Microsoft Defender Denial of Service Vulnerability

Microsoft Defender Denial of Service Vulnerability

May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
5.0 MEDIUM
CVE-2026-45443 — WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Brok…

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect…

Remote | Authorization
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.8 HIGH
CVE-2026-42834 — Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.6 HIGH
CVE-2026-42383 — WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCom…

Remote | Injection
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.8 HIGH
CVE-2026-41091 — Microsoft Defender Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
7.4 HIGH
CVE-2026-3593 — Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BI…

Remote | Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
Showing 20 of 6437 Results