Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2025-14103 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-r…

gitlab | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.9 MEDIUM
CVE-2026-3221 — Devolutions Server Unencrypted User Account Information Vulnerability

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user infor…

devolutions_server | Remote | Cryptography
Feb 25, 2026 Feb 28, 2026
Feb 25, 2026
Feb 28, 2026
6.5 MEDIUM
CVE-2026-25930 — OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visit…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-25929 — OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.1 HIGH
CVE-2026-25927 — OpenEMR Missing Authorization Checks in DICOM Viewer State API

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.8 HIGH
CVE-2026-25746 — OpenEMR has SQL Injection Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be expl…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.2 HIGH
CVE-2026-25743 — OpenEMR has Stored XSS in Questionnaire answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("f…

openemr | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.5 HIGH
CVE-2026-25476 — OpenEMR has Session Timeout Bypass via skip_timeout_reset

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when …

openemr | Remote | Authentication
Feb 25, 2026 Feb 28, 2026
Feb 25, 2026
Feb 28, 2026
6.5 MEDIUM
CVE-2026-25220 — OpenEMR Messages "Show All" Not Restricted to Admins

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.1 HIGH
CVE-2026-25164 — OpenEMR's Document and Insurance REST Endpoints Skip ACL

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.9 CRITICAL
CVE-2026-24908 — OpenEMR has SQL Injection in Patient API Sort Parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.1 HIGH
CVE-2026-24890 — OpenEMR Portal Users Can Forge Provider Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature …

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-24487 — OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource en…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.6 HIGH
CVE-2026-24005 — OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The…

kruise | Remote | Server-Side Request Forgery
Feb 25, 2026 Mar 05, 2026
Feb 25, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-23627 — OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any a…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.0 HIGH
CVE-2026-3194 — Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes m…

blockchain | Authentication
Feb 25, 2026 Mar 05, 2026
Feb 25, 2026
Mar 05, 2026
7.5 HIGH
CVE-2026-27850 — Improper verification in Linksys MR9600, Linksys MX4200

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the lo…

mr9600_firmware mx4200_firmware | Remote | Misconfiguration
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.1 MEDIUM
CVE-2026-27795 — LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/commun…

langchain_community | Remote | Server-Side Request Forgery
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.6 MEDIUM
CVE-2026-27794 — LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable…

Remote | Information Disclosure
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.2 CRITICAL
CVE-2026-27739 — Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the An…

Remote | Server-Side Request Forgery
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
Showing 20 of 5068 Results