Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.1 CRITICAL
CVE-2026-26014 — Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authenticat…

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for …

dtls | Remote | Cryptography
Feb 11, 2026 Feb 25, 2026
7.6 HIGH
CVE-2026-26010 — Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgre…

openmetadata | Remote | Authorization
Feb 11, 2026 Feb 13, 2026
7.1 HIGH
CVE-2026-25999 — Klaw has an improper authorisation check on /resetMemoryCache

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or de…

klaw | Remote | Authorization
Feb 11, 2026 Feb 26, 2026
9.8 CRITICAL
CVE-2026-25994 — PJSIP has a heap buffer overflow in ICE with long username

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with exces…

pjsip | Remote | Memory Corruption
Feb 11, 2026 Feb 19, 2026
8.9 HIGH
CVE-2026-25990 — Pillow has an out-of-bounds write when loading PSD images

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

pillow | Remote | Memory Corruption
Feb 11, 2026 Feb 13, 2026
8.6 HIGH
CVE-2026-25935 — Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server…

vikunja | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 20, 2026
8.4 HIGH
CVE-2026-25924 — Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remot…

kanboard | Remote | Authentication
Feb 11, 2026 Feb 13, 2026
8.7 HIGH
CVE-2026-25759 — Statamic affected by privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permi…

statamic | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 18, 2026
4.3 MEDIUM
CVE-2026-25633 — Statamic's missing authorization allows access to assets

Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata.…

statamic | Remote | Authorization
Feb 11, 2026 Feb 18, 2026
5.5 MEDIUM
CVE-2026-25062 — Outline Affected by an Arbitrary File Read via Path Traversal in JSON Import

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join…

outline | Remote | Path Traversal
Feb 11, 2026 Feb 20, 2026
6.9 MEDIUM
CVE-2025-68663 — Outline has a suspended user authentication bypass via WebSocket connections

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or …

outline | Remote | Authentication
Feb 11, 2026 Feb 20, 2026
7.6 HIGH
CVE-2025-64487 — Outline is vulnerable to privilege escalation in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorizati…

outline | Remote | Authorization
Feb 11, 2026 Feb 20, 2026
8.8 HIGH
CVE-2024-50620 — CIPPlanner CIPAce Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable…

cipace | Remote | Misconfiguration
Feb 11, 2026 Feb 20, 2026
7.5 HIGH
CVE-2020-37215 — MSN Password Recovery 1.30 - Denial of Service

MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers …

office_password_recovery | Remote | Denial of Service
Feb 11, 2026 Feb 12, 2026
8.7 HIGH
CVE-2020-37214 — Voyager 1.3.0 - Directory Traversal

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in…

voyager | Remote | Path Traversal
Feb 11, 2026 Feb 12, 2026
7.5 HIGH
CVE-2020-37213 — TextCrawler Pro 3.1.1 - Denial of Service

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-…

Remote | Denial of Service
Feb 11, 2026 Feb 12, 2026
7.5 HIGH
CVE-2020-37212 — SpotMSN 2.4.6 - 'Name' Denial of Service

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste…

spotmsn | Remote | Denial of Service
Feb 11, 2026 Feb 26, 2026
7.5 HIGH
CVE-2020-37211 — SpotIM 2.2 - 'Name' Denial Of Service

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-characte…

spotim | Remote | Denial of Service
Feb 11, 2026 Feb 26, 2026
7.5 HIGH
CVE-2020-37210 — SpotIE 2.9.5 - 'Key' Denial of Service

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste …

spotie | Remote | Denial of Service
Feb 11, 2026 Feb 26, 2026
7.5 HIGH
CVE-2020-37209 — SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload …

spotftp | Remote | Denial of Service
Feb 11, 2026 Feb 20, 2026
Showing 20 of 5090 Results