Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.0 MEDIUM
CVE-2025-11537 — Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie …

| Information Disclosure
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.5 HIGH
CVE-2026-2268 — Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Act…

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags…

ninja_forms | Remote | Information Disclosure
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
8.5 HIGH
CVE-2026-25656 — SINEC NMS Privilege Escalation Vulnerability

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration …

sinec_nms user_management_component | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
8.5 HIGH
CVE-2026-25655 — SINEC NMS Privilege Escalation Remote Code Execution Vulnerability

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow …

sinec_nms | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
8.8 HIGH
CVE-2026-24343 — Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended t…

hertzbeat | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-23906 — Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP au…

druid | Remote | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
2.5 LOW
CVE-2026-23901 — Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the…

shiro | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
7.8 HIGH
CVE-2026-23720 — Femap Nastran OOB Read Code Execution Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23719 — Simcenter Femap/Simcenter Nastran Heap-Based Buffer Overflow Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while par…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23718 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Read Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23717 — Femap Nastran Out of Bounds Read Arbitrary Code Execution

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23716 — Simcenter Femap/Femapid Simcenter Nastran/Nastrapid Out-of-Bounds Read

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23715 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Write Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while …

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-22923 — "NX PDF Export Data Validation Remote Code Execution Vulnerability"

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with in…

nx nx | Information Disclosure
Feb 10, 2026 Feb 26, 2026
Feb 10, 2026
Feb 26, 2026
6.4 MEDIUM
CVE-2026-1922 — The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cros…

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.2 HIGH
CVE-2026-1866 — Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-En…

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitiza…

name_directory | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.6 HIGH
CVE-2025-40587 — Polarion Stored Cross-Site Scripting Vulnerability

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in docum…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.4 MEDIUM
CVE-2025-14895 — PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data De…

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to acce…

Remote | Authorization
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
6.3 MEDIUM
CVE-2024-52334 — "Siemens syngo.plaza Password Decryption Vulnerability"

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the or…

Remote | Cryptography
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2025-11242 — SSRF in Teknolist Computer's Okulistik

Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: t…

Remote | Server-Side Request Forgery
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
Showing 20 of 5067 Results