Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.6 MEDIUM
CVE-2026-27189 — OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persi…

opensift | Race Condition
Feb 21, 2026 Feb 23, 2026
7.1 HIGH
CVE-2026-27170 — OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavi…

opensift | Remote | Server-Side Request Forgery
Feb 21, 2026 Feb 23, 2026
8.9 HIGH
CVE-2026-27169 — OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces usi…

opensift | Remote | Cross-Site Scripting
Feb 21, 2026 Feb 23, 2026
9.8 CRITICAL
CVE-2026-27168 — SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser…

sail | Remote | Memory Corruption
Feb 21, 2026 Mar 02, 2026
8.7 HIGH
CVE-2026-27161 — Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride i…

getsimple_cms | Remote | Misconfiguration
Feb 21, 2026 Feb 24, 2026
6.9 MEDIUM
CVE-2026-27147 — GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload func…

getsimple_cms | Remote | Cross-Site Scripting
Feb 21, 2026 Feb 24, 2026
7.1 HIGH
CVE-2026-27146 — GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious…

getsimple_cms | Remote | Cross-Site Request Forgery
Feb 21, 2026 Feb 24, 2026
8.1 HIGH
CVE-2026-27134 — Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS u…

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA wi…

strimzi_kafka_operator | Remote | Authentication
Feb 21, 2026 Feb 25, 2026
9.8 CRITICAL
CVE-2026-2635 — MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not requ…

mlflow | Authentication
Feb 20, 2026 Feb 23, 2026
7.0 HIGH
CVE-2026-2492 — TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulne…

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Tensor…

tensorflow | Misconfiguration
Feb 20, 2026 Feb 23, 2026
5.5 MEDIUM
CVE-2026-2490 — RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerabi…

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of…

| Information Disclosure
Feb 20, 2026 Feb 23, 2026
7.8 HIGH
CVE-2026-2048 — GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
7.8 HIGH
CVE-2026-2047 — GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User int…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
7.8 HIGH
CVE-2026-2045 — GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
7.8 HIGH
CVE-2026-2044 — GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interactio…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
8.8 HIGH
CVE-2026-2043 — Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution …

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

nagios_xi | Remote | Injection
Feb 20, 2026 Feb 24, 2026
8.8 HIGH
CVE-2026-2042 — Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Auth…

nagios_xi | Remote | Injection
Feb 20, 2026 Feb 24, 2026
8.8 HIGH
CVE-2026-2041 — Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnera…

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagi…

nagios_xi | Remote | Injection
Feb 20, 2026 Feb 24, 2026
7.3 HIGH
CVE-2026-2040 — PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalat…

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations …

pdf-xchange_editor | Path Traversal
Feb 20, 2026 Feb 23, 2026
9.8 CRITICAL
CVE-2026-2039 — GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authe…

archiver | Remote | Authentication
Feb 20, 2026 Feb 24, 2026
Showing 20 of 5237 Results