Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2026-27702

    Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier accounts) to... Read more

    Affected Products : budibase
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2026-25592

    Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonP... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2026-27595

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticat... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2026-27626

    OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dangerous argument types but not `password`. A user supplyin... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-27194

    D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to ru... Read more

    Affected Products : d-tale
    • Published: Feb. 21, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2805

    Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2797

    Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2781

    Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2795

    Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2774

    Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2799

    Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2796

    JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2779

    Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2784

    Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-2763

    Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2791

    Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026

  • 9.8

    CRITICAL
    CVE-2026-2789

    Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2786

    Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2785

    Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2775

    Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4887 Results