Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2026-23611 — GFI MailEssentials AI < 22.4 Anti-Spam IP Blocklist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$Con…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23610 — GFI MailEssentials AI < 22.4 POP2Exchange POP3 Server Login Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the PO…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23609 — GFI MailEssentials AI < 22.4 General Settings Perimeter SMTP Servers Description Stored X…

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in …

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23608 — GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23607 — GFI MailEssentials AI < 22.4 Anti-Spam Whitelist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in t…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23606 — GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaSc…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23605 — GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript i…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
5.4 MEDIUM
CVE-2026-23604 — GFI MailEssentials AI < 22.4 Keyword Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in t…

mailessentials | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
7.5 HIGH
CVE-2026-2232 — Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based…

The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to in…

Remote | Injection
Feb 19, 2026 Feb 20, 2026
8.7 HIGH
CVE-2026-26336 — Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitiv…

Feb 19, 2026 Mar 03, 2026
9.9 CRITICAL
CVE-2026-26030 — Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote c…

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The…

semantic_kernel | Remote | Injection
Feb 19, 2026 Mar 03, 2026
9.2 CRITICAL
CVE-2026-26016 — Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missin…

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user wit…

panel wings | Remote | Authorization
Feb 19, 2026 Feb 20, 2026
8.7 HIGH
CVE-2026-25998 — strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an open-source IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database …

strongman | Remote | Cryptography
Feb 19, 2026 Feb 23, 2026
9.3 CRITICAL
CVE-2026-24834 — Kata Container to Guest micro VM privilege escalation

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with …

kata_containers | Authentication
Feb 19, 2026 Feb 23, 2026
7.5 HIGH
CVE-2026-1581 — wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplie…

wpforo_forum | Remote | Injection
Feb 19, 2026 Feb 20, 2026
4.7 MEDIUM
CVE-2025-69725 — Chi Open Redirect Vulnerability

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

Remote | Misconfiguration
Feb 19, 2026 Feb 23, 2026
9.8 CRITICAL
CVE-2025-69674 — CDATA FD614GS3-R850 Buffer Overflow Arbitrary Code Execution

Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of…

Remote | Memory Corruption
Feb 19, 2026 Feb 25, 2026
8.5 HIGH
CVE-2026-2274 — Arbitrary File Read and SSRF in Google AppSheet

An SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network …

Remote | Server-Side Request Forgery
Feb 19, 2026 Feb 20, 2026
8.6 HIGH
CVE-2026-26345 — SPIP < 4.4.8 Cross-Site Scripting in Public Area

SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately…

spip | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 24, 2026
6.1 MEDIUM
CVE-2026-26223 — SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area

SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an a…

spip | Remote | Cross-Site Scripting
Feb 19, 2026 Mar 02, 2026
Showing 20 of 5066 Results