This page offers a live ATOM feed of the latest CVEs and Vulnerabilities from cvefeed.io. HIGH or CRITICAL
- CVE-2026-33716 - AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
- CVE-2026-33649 - AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
- CVE-2026-33513 - AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)
- CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.
- CVE-2025-15605 - Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
- CVE-2025-15518 - Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600
- CVE-2025-15517 - Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600
- CVE-2026-33502 - AVideo has Unauthenticated SSRF via plugin/Live/test.php
- CVE-2026-32845 - jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow
- CVE-2026-4404 - Use of hard coded credentials in GoHarbor Harbor
- CVE-2026-33478 - AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection
- CVE-2026-33297 - AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php