Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-25956 — Frappe Affected by XSS and Open Redirect in Sign Up

Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XS…

frappe | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 17, 2026
Feb 10, 2026
Feb 17, 2026
8.8 HIGH
CVE-2026-25947 — Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management control…

worklenz | Remote | Injection
Feb 10, 2026 Feb 23, 2026
Feb 10, 2026
Feb 23, 2026
8.0 HIGH
CVE-2026-25805 — Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invok…

zed | Remote | Information Disclosure
Feb 10, 2026 Feb 19, 2026
Feb 10, 2026
Feb 19, 2026
9.3 CRITICAL
CVE-2026-25728 — ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Co…

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image u…

clipbucket | Remote | Race Condition
Feb 10, 2026 Feb 18, 2026
Feb 10, 2026
Feb 18, 2026
8.3 HIGH
CVE-2026-25646 — LIBPNG has a heap buffer overflow in png_set_quantize

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists…

libpng | Remote | Memory Corruption
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
7.1 HIGH
CVE-2026-25612 — Internal ResourceId collision may affect unrelated collections

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this re…

mongodb | Remote | Denial of Service
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
8.7 HIGH
CVE-2026-25611 — Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

mongodb | Remote | Denial of Service
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.5 HIGH
CVE-2026-25577 — Emmett has an Unhandled CookieError Exception Causing Denial of Service

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malf…

Remote | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.3 HIGH
CVE-2026-24045 — Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserti…

docmost | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2026-23655 — Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

microsoft_aci_confidential_containers confidential_sidecar_containers | Remote | Information Disclosure
Feb 10, 2026 Feb 25, 2026
Feb 10, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-21537 — Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

defender_for_endpoint | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21533 — Microsoft Windows Improper Privilege Management Vulnerability - [Actively Exploited]

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Authorization
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-21531 — Azure SDK for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

azure_ai_language_authoring azure_conversation_authoring_client_library | Remote | Injection
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
5.7 MEDIUM
CVE-2026-21529 — Azure HDInsight Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

azure_hdinsights azure_hdinsight | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-21528 — Azure IoT Explorer Information Disclosure Vulnerability

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

azure_iot_explorer | Remote | Information Disclosure
Feb 10, 2026 Feb 19, 2026
Feb 10, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-21527 — Microsoft Exchange Server Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

exchange_server exchange_server_se exchange_server_2019 exchange_server_2016 | Remote | Authentication
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.2 MEDIUM
CVE-2026-21525 — Microsoft Windows NULL Pointer Dereference Vulnerability - [Actively Exploited]

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 +10 more | CISA KEV | Denial of Service
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
8.0 HIGH
CVE-2026-21523 — GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

visual_studio_code visual_studio_code_copilot_chat_extension | Remote | Race Condition
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
6.7 MEDIUM
CVE-2026-21522 — Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

microsoft_aci_confidential_containers confcom | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-21519 — Microsoft Windows Type Confusion Vulnerability - [Actively Exploited]

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 +8 more | CISA KEV | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
Showing 20 of 5088 Results