Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-25735 — Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
6.1 MEDIUM
CVE-2026-25734 — Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
7.3 HIGH
CVE-2026-25733 — Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
5.3 MEDIUM
CVE-2026-25138 — Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, t…

rucio | Remote | Authentication
Feb 25, 2026 Feb 27, 2026
8.1 HIGH
CVE-2026-25136 — Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability …

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
9.0 CRITICAL
CVE-2026-22720 — VMware Aria Operations stored cross-site scripting vulnerability

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actio…

Feb 25, 2026 Mar 04, 2026
8.1 HIGH
CVE-2026-22719 — Broadcom VMware Aria Operations Command Injection Vulnerability - [Actively Exploited]

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VM…

Feb 25, 2026 Mar 04, 2026
6.5 MEDIUM
CVE-2025-3525 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authe…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 27, 2026
4.3 MEDIUM
CVE-2025-14103 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-r…

gitlab | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
4.9 MEDIUM
CVE-2026-3221 — Devolutions Server Unencrypted User Account Information Vulnerability

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user infor…

devolutions_server | Remote | Cryptography
Feb 25, 2026 Feb 28, 2026
6.5 MEDIUM
CVE-2026-25930 — OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visit…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
6.5 MEDIUM
CVE-2026-25929 — OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
7.1 HIGH
CVE-2026-25927 — OpenEMR Missing Authorization Checks in DICOM Viewer State API

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
8.8 HIGH
CVE-2026-25746 — OpenEMR has SQL Injection Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be expl…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
7.2 HIGH
CVE-2026-25743 — OpenEMR has Stored XSS in Questionnaire answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("f…

openemr | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
7.5 HIGH
CVE-2026-25476 — OpenEMR has Session Timeout Bypass via skip_timeout_reset

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when …

openemr | Remote | Authentication
Feb 25, 2026 Feb 28, 2026
6.5 MEDIUM
CVE-2026-25220 — OpenEMR Messages "Show All" Not Restricted to Admins

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
8.1 HIGH
CVE-2026-25164 — OpenEMR's Document and Insurance REST Endpoints Skip ACL

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
9.9 CRITICAL
CVE-2026-24908 — OpenEMR has SQL Injection in Patient API Sort Parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
8.1 HIGH
CVE-2026-24890 — OpenEMR Portal Users Can Forge Provider Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature …

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Showing 20 of 5272 Results