Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-25655 — SINEC NMS Privilege Escalation Remote Code Execution Vulnerability

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow …

sinec_nms | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
8.8 HIGH
CVE-2026-24343 — Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended t…

hertzbeat | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-23906 — Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP au…

druid | Remote | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
2.5 LOW
CVE-2026-23901 — Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the…

shiro | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
7.8 HIGH
CVE-2026-23720 — Femap Nastran OOB Read Code Execution Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23719 — Simcenter Femap/Simcenter Nastran Heap-Based Buffer Overflow Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while par…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23718 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Read Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23717 — Femap Nastran Out of Bounds Read Arbitrary Code Execution

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23716 — Simcenter Femap/Femapid Simcenter Nastran/Nastrapid Out-of-Bounds Read

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23715 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Write Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while …

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-22923 — "NX PDF Export Data Validation Remote Code Execution Vulnerability"

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with in…

nx nx | Information Disclosure
Feb 10, 2026 Feb 26, 2026
Feb 10, 2026
Feb 26, 2026
6.4 MEDIUM
CVE-2026-1922 — The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cros…

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.2 HIGH
CVE-2026-1866 — Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-En…

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitiza…

name_directory | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.6 HIGH
CVE-2025-40587 — Polarion Stored Cross-Site Scripting Vulnerability

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in docum…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.4 MEDIUM
CVE-2025-14895 — PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data De…

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to acce…

Remote | Authorization
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
6.3 MEDIUM
CVE-2024-52334 — "Siemens syngo.plaza Password Decryption Vulnerability"

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the or…

Remote | Cryptography
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2025-11242 — SSRF in Teknolist Computer's Okulistik

Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: t…

Remote | Server-Side Request Forgery
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.3 MEDIUM
CVE-2026-1722 — WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary…

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the p…

Remote | Authorization
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.4 MEDIUM
CVE-2026-2099 — Flowring|AgentFlow - Stored Cross-Site Scripting

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upo…

agentflow | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
6.1 MEDIUM
CVE-2026-2098 — Flowring|AgentFlow - Reflected Cross-site Scripting

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing …

agentflow | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
Showing 20 of 5090 Results