Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.3 MEDIUM
CVE-2026-25507 — ESP-IDF Has Use-after-free Vulnerability in BLE Provisioning

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transpo…

esp-idf | Memory Corruption
Feb 04, 2026 Feb 20, 2026
9.1 CRITICAL
CVE-2026-25139 — RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragm…

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-…

riot | Remote | Memory Corruption
Feb 04, 2026 Feb 20, 2026
6.5 MEDIUM
CVE-2026-23624 — GLPI is vulnerable to session stealing on externally authenticated user change

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can ste…

glpi | Remote | Authentication
Feb 04, 2026 Feb 06, 2026
9.1 CRITICAL
CVE-2026-22247 — GLPI is Vulnerable to SSRF via Webhooks

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform an SSRF request through the Webhook feature. This issue has been patched i…

glpi | Remote | Server-Side Request Forgery
Feb 04, 2026 Feb 06, 2026
8.8 HIGH
CVE-2026-22044 — GLPI is Vulnerable to Authenticated SQL Injection

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.

glpi | Remote | Injection
Feb 04, 2026 Feb 06, 2026
9.4 CRITICAL
CVE-2026-21893 — n8n Vulnerable to Command Injection in Community Package Installation

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The…

n8n | Remote | Injection
Feb 04, 2026 Feb 20, 2026
8.8 HIGH
CVE-2025-69215 — OpenSTAManager has an SQL Injection in the Stampe Module

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of public…

openstamanager | Remote | Injection
Feb 04, 2026 Feb 18, 2026
8.8 HIGH
CVE-2025-69213 — OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when ha…

openstamanager | Remote | Injection
Feb 04, 2026 Feb 18, 2026
9.8 CRITICAL
CVE-2025-64712 — Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File W…

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path tra…

unstructured | Remote | Path Traversal
Feb 04, 2026 Feb 27, 2026
Showing 20 of 5149 Results