This page offers a live ATOM feed of the latest CVEs and Vulnerabilities from cvefeed.io. HIGH or CRITICAL
- CVE-2026-49755 - Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
- CVE-2026-49234 - Routinator crashes on specifically crafted ASN strings in the API
- CVE-2026-49232 - Routinator exits when accepting an incoming HTTP or RTR connection fails
- CVE-2026-43973 - gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
- CVE-2026-11517 - UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow
- CVE-2026-7186 - Fix stored XSS in URL dashboard widget via dangerous URI schemes
- CVE-2026-47430 - Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews
- CVE-2026-11504 - Tenda CX12L Wi-Fi Schedule Configuration Endpoint openSchedWifi setSchedWifi stack-based overflow
- CVE-2026-9506 - Path Traversal Vulnerability in Bagisto
- CVE-2026-11503 - Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
- CVE-2026-41722 - VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)
- CVE-2026-11498 - Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow
- CVE-2023-54352 - WordPress Seotheme Remote Code Execution Unauthenticated
- CVE-2023-54350 - WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
- CVE-2026-49494 - Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service
- CVE-2026-26422 - Clash Verge Service IPC Local Privilege Escalation