Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-2650 — Google Chrome Heap Buffer Overflow

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

chrome edge_chromium | Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2026-2649 — Google Chrome V8 Integer Overflow Vulnerability

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

chrome edge_chromium | Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.8 HIGH
CVE-2026-2648 — Google Chrome PDFium Heap Buffer Overflow Vulnerability

Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)

chrome edge_chromium | Remote | Memory Corruption
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.6 HIGH
CVE-2026-27182 — Saturn Remote Mouse Server UDP Command Injection RCE

Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. A…

| Injection
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
8.7 HIGH
CVE-2026-27181 — MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns …

majordomo majordomo | Remote | Authentication
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2026-27180 — MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() metho…

majordomo majordomo | Remote | Supply Chain
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2026-27179 — MajorDoMo Unauthenticated SQL Injection in Commands Module

MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parame…

majordomo majordomo | Remote | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.2 HIGH
CVE-2026-27178 — MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenti…

majordomo majordomo | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.2 HIGH
CVE-2026-27177 — MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. …

majordomo majordomo | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
6.1 MEDIUM
CVE-2026-27176 — MajorDoMo Reflected Cross-Site Scripting in command.php

MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via…

majordomo majordomo | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2026-27175 — MajorDoMo Command Injection in rc/index.php via Race Condition

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double q…

majordomo majordomo | Remote | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2026-27174 — MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to conti…

majordomo majordomo | Remote | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.5 HIGH
CVE-2026-24744 — InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoiceP…

invoiceplane | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.5 HIGH
CVE-2026-24743 — InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of In…

invoiceplane | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
8.7 HIGH
CVE-2019-25401 — Bematech Printer MP-4200 TH Denial of Service

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malfo…

Remote | Denial of Service
Feb 18, 2026 Feb 19, 2026
Feb 18, 2026
Feb 19, 2026
5.4 MEDIUM
CVE-2019-25400 — IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters inc…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.4 MEDIUM
CVE-2019-25399 — IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID par…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25398 — IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. At…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25397 — IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. A…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25396 — IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attacker…

ipfire | Remote | Cross-Site Scripting
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
Showing 20 of 5068 Results