Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
7.8 HIGH
CVE-2026-47333 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification han…

| Memory Corruption
May 28, 2026
5.5 MEDIUM
CVE-2026-47332 — Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can…

| Information Disclosure
May 28, 2026
7.8 HIGH
CVE-2026-47331 — Use-after-free in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-fr…

| Race Condition
May 28, 2026
3.3 LOW
CVE-2026-47330 — Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri…

| Misconfiguration
May 28, 2026
3.3 LOW
CVE-2026-47329 — Incorrect validation of field size in Ubuntu Linux AppArmor notification responses

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppArmor notification responses. The bug can be triggered by an unprivileged local user a…

| Memory Corruption
May 28, 2026
6.1 MEDIUM
CVE-2026-47328 — Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug…

| Memory Corruption
May 28, 2026
3.3 LOW
CVE-2026-47327 — NULL pointer dereference in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c…

| Memory Corruption
May 28, 2026
5.5 MEDIUM
CVE-2026-47326 — Memory leak in Ubuntu Linux AppArmor large notification response allocation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory …

| Memory Corruption
May 28, 2026
6.9 MEDIUM
CVE-2026-47136 — RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…

Remote | Information Disclosure
May 28, 2026
6.0 MEDIUM
CVE-2026-46685 — RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata…

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…

Remote | Misconfiguration
May 28, 2026
5.0 MEDIUM
CVE-2026-46526 — Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac…

Remote | Server-Side Request Forgery
May 28, 2026
8.2 HIGH
CVE-2026-46509 — deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Po…

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b…

Remote | Misconfiguration
May 28, 2026
7.5 HIGH
CVE-2026-45332 — Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password …

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr…

Remote | Authentication
May 28, 2026
8.8 HIGH
CVE-2026-45044 — RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated …

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any…

Remote | Denial of Service
May 28, 2026
7.1 HIGH
CVE-2026-45042 — RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing dest…

Remote | Authorization
May 28, 2026
8.7 HIGH
CVE-2026-45041 — RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses i…

Remote | Cryptography
May 28, 2026
5.3 MEDIUM
CVE-2026-45040 — RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs […

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit…

Remote | Information Disclosure
May 28, 2026
9.8 CRITICAL
CVE-2026-45039 — RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer …

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The functi…

Remote | Authentication
May 28, 2026
6.0 MEDIUM
CVE-2026-44394 — OpenStack Keystone Infinite Token Lifetime Vulnerability

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federate…

Remote | Authentication
May 28, 2026
5.0 MEDIUM
CVE-2026-43979 — Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.…

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value…

Remote | Cross-Site Scripting
May 28, 2026
Showing 20 of 6775 Results