Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-25612 — Internal ResourceId collision may affect unrelated collections

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this re…

mongodb | Remote | Denial of Service
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
8.7 HIGH
CVE-2026-25611 — Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

mongodb | Remote | Denial of Service
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.5 HIGH
CVE-2026-25577 — Emmett has an Unhandled CookieError Exception Causing Denial of Service

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malf…

Remote | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.3 HIGH
CVE-2026-24045 — Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserti…

docmost | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2026-23655 — Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

microsoft_aci_confidential_containers confidential_sidecar_containers | Remote | Information Disclosure
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-21537 — Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

defender_for_endpoint | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21533 — Microsoft Windows Improper Privilege Management Vulnerability - [Actively Exploited]

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-21531 — Azure SDK for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

azure_ai_language_authoring azure_conversation_authoring_client_library | Remote | Injection
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
5.7 MEDIUM
CVE-2026-21529 — Azure HDInsight Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

azure_hdinsights azure_hdinsight | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-21528 — Azure IoT Explorer Information Disclosure Vulnerability

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

azure_iot_explorer | Remote | Information Disclosure
Feb 10, 2026 Feb 19, 2026
Feb 10, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-21527 — Microsoft Exchange Server Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

exchange_server exchange_server_se exchange_server_2019 exchange_server_2016 | Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.2 MEDIUM
CVE-2026-21525 — Microsoft Windows NULL Pointer Dereference Vulnerability - [Actively Exploited]

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.0 HIGH
CVE-2026-21523 — GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Race Condition
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.7 MEDIUM
CVE-2026-21522 — Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

microsoft_aci_confidential_containers confcom | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21519 — Microsoft Windows Type Confusion Vulnerability - [Actively Exploited]

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 +8 more | CISA KEV | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21518 — GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a networ…

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Injection
Feb 10, 2026 Feb 23, 2026
Feb 10, 2026
Feb 23, 2026
7.0 HIGH
CVE-2026-21517 — Windows App for Mac Installer Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

windows_app windows_app_for_mac | Path Traversal
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-21516 — GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

gihub_copilot_plugin_for_jetbrains_ides github_copilot | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21514 — Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability -…

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021 | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-21513 — Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability - [Actively Exploit…

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
Showing 20 of 5091 Results