Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-27192 — Feathers has an origin validation bypass via prefix matching

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing at…

feathers | Remote | Misconfiguration
Feb 21, 2026 Feb 25, 2026
Feb 21, 2026
Feb 25, 2026
7.4 HIGH
CVE-2026-27191 — Feathers: Open Redirect in OAuth callback enables account takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without…

feathers | Remote | Authentication
Feb 21, 2026 Feb 25, 2026
Feb 21, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-65995 — Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might b…

airflow | Remote | Information Disclosure
Feb 21, 2026 Feb 25, 2026
Feb 21, 2026
Feb 25, 2026
8.3 HIGH
CVE-2026-27203 — eBay API MCP Server Affected by Environment Variable Injection

eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the…

Remote | Injection
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
8.8 HIGH
CVE-2026-27202 — GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time o…

getsimple_cms | Remote | Information Disclosure
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
6.6 MEDIUM
CVE-2026-27189 — OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persi…

opensift | Race Condition
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
7.1 HIGH
CVE-2026-27170 — OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavi…

opensift | Remote | Server-Side Request Forgery
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
8.9 HIGH
CVE-2026-27169 — OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces usi…

opensift | Remote | Cross-Site Scripting
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.8 CRITICAL
CVE-2026-27168 — SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser…

sail | Remote | Memory Corruption
Feb 21, 2026 Mar 02, 2026
Feb 21, 2026
Mar 02, 2026
8.7 HIGH
CVE-2026-27161 — Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride i…

getsimple_cms | Remote | Misconfiguration
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
6.9 MEDIUM
CVE-2026-27147 — GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload func…

getsimple_cms | Remote | Cross-Site Scripting
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
7.1 HIGH
CVE-2026-27146 — GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious…

getsimple_cms | Remote | Cross-Site Request Forgery
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-27134 — Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS u…

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA wi…

strimzi_kafka_operator | Remote | Authentication
Feb 21, 2026 Feb 25, 2026
Feb 21, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-2635 — MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not requ…

mlflow | Authentication
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.0 HIGH
CVE-2026-2492 — TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulne…

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Tensor…

tensorflow | Misconfiguration
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.5 MEDIUM
CVE-2026-2490 — RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerabi…

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of…

| Information Disclosure
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.8 HIGH
CVE-2026-2048 — GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.8 HIGH
CVE-2026-2047 — GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User int…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.8 HIGH
CVE-2026-2045 — GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.8 HIGH
CVE-2026-2044 — GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interactio…

gimp | Memory Corruption
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
Showing 20 of 5313 Results