Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2025-33250 — NVIDIA NeMo Framework Remote Code Execution Vulnerability

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informa…

nemo | Information Disclosure
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.8 HIGH
CVE-2025-33249 — NVIDIA NeMo Framework Code Injection Vulnerability

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of th…

nemo | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.8 HIGH
CVE-2025-33246 — NVIDIA NeMo Framework Command Injection Vulnerability

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A …

nemo | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
8.8 HIGH
CVE-2025-33245 — NVIDIA NeMo Framework Remote Code Execution Vulnerability

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privilege…

nemo | Remote | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.8 HIGH
CVE-2025-33243 — NVIDIA NeMo Framework Remote Code Execution Vulnerability

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution…

nemo | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.8 HIGH
CVE-2025-33241 — NVIDIA NeMo Framework Remote Code Execution Vulnerability

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code…

nemo | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.8 HIGH
CVE-2025-33240 — NVIDIA Megatron Bridge Code Injection Vulnerability

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code executi…

megatron-bridge | Injection
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
7.8 HIGH
CVE-2025-33239 — NVIDIA Megatron Bridge Code Injection Vulnerability

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution…

megatron-bridge | Injection
Feb 18, 2026 Feb 26, 2026
Feb 18, 2026
Feb 26, 2026
7.8 HIGH
CVE-2025-33236 — NVIDIA NeMo Framework Code Injection Vulnerability

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalat…

nemo | Injection
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
7.3 HIGH
CVE-2025-14340 — Admin Account Takeover via malicious URL payload

Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payl…

Remote | Cross-Site Scripting
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
4.3 MEDIUM
CVE-2026-2386 — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu,…

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and incl…

Remote | Authorization
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
3.7 LOW
CVE-2026-1582 — WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Jug…

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type jugglin…

Remote | Authentication
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
6.5 MEDIUM
CVE-2026-1317 — WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+)…

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `fi…

Remote | Injection
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
4.9 MEDIUM
CVE-2025-8781 — Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+)…

The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escapin…

bookster | Remote | Injection
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
5.3 MEDIUM
CVE-2025-7630 — OTP Password Brute Forcing in DorukNet's Wispotter

Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing,…

Remote | Authentication
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
6.5 MEDIUM
CVE-2025-14799 — Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization By…

The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use o…

Remote | Authorization
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
7.8 HIGH
CVE-2026-2653 — admesh normals.c stl_check_normal_vector heap-based overflow

A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer o…

admesh | Memory Corruption
Feb 18, 2026 Feb 20, 2026
Feb 18, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2026-2426 — WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary F…

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insu…

wp-downloadmanager | Remote | Path Traversal
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
6.5 MEDIUM
CVE-2026-1942 — Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authe…

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in …

blog2social | Remote | Authorization
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
5.3 MEDIUM
CVE-2025-14444 — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login…

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticit…

registrationmagic | Remote | Authentication
Feb 18, 2026 Feb 18, 2026
Feb 18, 2026
Feb 18, 2026
Showing 20 of 5081 Results