Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-27695 — zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{…

zae-limiter | Remote | Denial of Service
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
7.1 HIGH
CVE-2026-27692 — iccDEV has HBO in CIccTagTextDescription::Release()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::R…

iccdev | Memory Corruption
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
6.2 MEDIUM
CVE-2026-27691 — iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication …

iccdev | Memory Corruption
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
6.5 MEDIUM
CVE-2026-3186 — feiyuchuixue sz-boot-parent Password Reset password default password

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the compo…

sz-boot-parent | Remote | Authorization
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
5.5 MEDIUM
CVE-2026-3185 — feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the a…

sz-boot-parent | Remote | Authorization
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
2.3 LOW
CVE-2026-28196 — JetBrains TeamCity Unsecured Credentials Disclosure

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

teamcity | Information Disclosure
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
4.3 MEDIUM
CVE-2026-28195 — JetBrains TeamCity Unauthenticated Build Configuration Parameter Injection

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

teamcity | Remote | Authorization
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
6.1 MEDIUM
CVE-2026-28194 — JetBrains TeamCity Open Redirect Vulnerability

In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow

teamcity | Remote | Misconfiguration
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-28193 — JetBrains YouTrack Unvalidated Request Vulnerability

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

youtrack | Remote | Server-Side Request Forgery
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2026-2624 — Authentication Bypass in ePati's Antikor NGFW

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor …

antikor_next_generation_firewall | Remote | Authentication
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
2.6 LOW
CVE-2026-21725 — Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to…

grafana | Remote | Race Condition
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.1 CRITICAL
CVE-2026-0704 — Octopus Deploy File Traversal Vulnerability

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to…

linux_kernel windows octopus_server | Remote | Path Traversal
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
Showing 20 of 6072 Results