Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2026-48777 Vulnerability Insight
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DE...
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-47750 Exploitable Vulnerability Warning
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt f...
Score: 7.8/10
🔥 Very High Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-47747 Severe Cybersecurity Threat
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption.
The issue has been resolved in version master-584-0a7ae07. If developers are unabl...
Score: 7.8/10
🔥 Very High Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-46448 Significant Vulnerability Warning
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
Score: 5.4/10
🚨 Significant Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-22313 High-Severity Security Breach
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send
arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
Score: 9.1/10
☠️ Critical Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-22312 Immediate Threat Report
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration
and execute some commands (e.g. system reboot).
Score: 8.6/10
☠️ Severe Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-12425 Security Notice
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add JavaScript code after the login URL and have it be eval()'d in the page and execute in the context of the user.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-12117 Vulnerability Insight
Improper access control in the social login connection endpoint in
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-12105 Security Notice
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows
an authenticated user to access attachments via folder duplication with
inherited permissions.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-11890 Technical Report
Improper access control in PAM account discovery results in Devolutions
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve
account discovery scan results.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-10303 Severe Cybersecurity Threat
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can supply ACME challenge responses to getssl (for example, a malicious or compromised CA endpoint, or an on-path adversary able to tamper with that response path) could exploit this to achieve unauthorized file write/path traversal effects, usually with elevated privileges, ultimately allowing for remot...
Score: 7.4/10
🔥 Very High Risk
Published on 16 Jun 2026, 20:16 UTC (only 14 hours ago)
-
CVE-2026-0165 Security Notice
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0164 Vulnerability Insight
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0162 Vulnerability Insight
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0161 Vulnerability Insight
In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0160 Security Notice
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0158 Technical Report
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0157 Technical Report
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0156 Vulnerability Insight
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
-
CVE-2026-0155 Vulnerability Insight
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
16 Jun 2026, 20:16 UTC (14 hours ago)
What are CVEs?
A CVE (Common Vulnerabilities and Exposures) entry is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by the CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Is Tracking CVEs Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.