This page offers a live Atom feed of the latest CVEs and vulnerabilities from cvefeed.io (HIGH or CRITICAL).
- CVE-2026-4145 - Lenovo Software Fix Elevation of Privilege Vulnerability
- CVE-2026-33805 - @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers
- CVE-2026-33807 - @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes
- CVE-2026-33808 - @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
- CVE-2026-3505 - Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
- CVE-2026-5588 - PKIX draft CompositeVerifier accepts empty signature sequence as valid.
- CVE-2026-5598 - Non-constant time comparisons risk private key leakage in FrodoKEM.
- CVE-2026-0636 - LDAP Injection Vulnerability in LDAPStoreHelper.java
- CVE-2025-14813 - GOSTCTR implementation unable to process more than 255 blocks correctly
- CVE-2026-3461 - Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email
- CVE-2025-40899 - Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0
- CVE-2025-40897 - Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
- CVE-2026-5617 - Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie
- CVE-2026-1555 - WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
- CVE-2026-6328 - XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets
- CVE-2026-40499 - radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
- CVE-2026-39884 - MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
- CVE-2026-39842 - OpenRemote is Vulnerable to Expression Injection
- CVE-2026-35589 - nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)
- CVE-2026-34457 - OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
- CVE-2026-27290 - Adobe Framemaker | Untrusted Search Path (CWE-426)