Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2025-6967 — Authentication Bypass in Sarman Soft's CMS

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.Th…

Remote | Authentication
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.8 HIGH
CVE-2025-15570 — ckolivas lrzip stream.c lzma_decompress_buf use after free

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is …

lrzip | Memory Corruption
Feb 10, 2026 Feb 27, 2026
Feb 10, 2026
Feb 27, 2026
7.3 HIGH
CVE-2025-15569 — Artifex MuPDF win_main.c get_system_dpi uncontrolled search path

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search p…

mupdf | Path Traversal
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.0 MEDIUM
CVE-2025-11537 — Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie …

| Information Disclosure
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.5 HIGH
CVE-2026-2268 — Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Act…

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags…

ninja_forms | Remote | Information Disclosure
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
8.5 HIGH
CVE-2026-25656 — SINEC NMS Privilege Escalation Vulnerability

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration …

sinec_nms user_management_component | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
8.5 HIGH
CVE-2026-25655 — SINEC NMS Privilege Escalation Remote Code Execution Vulnerability

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow …

sinec_nms | Misconfiguration
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
8.8 HIGH
CVE-2026-24343 — Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended t…

hertzbeat | Remote | Injection
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-23906 — Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP au…

druid | Remote | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
2.5 LOW
CVE-2026-23901 — Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the…

shiro | Authentication
Feb 10, 2026 Feb 12, 2026
Feb 10, 2026
Feb 12, 2026
7.8 HIGH
CVE-2026-23720 — Femap Nastran OOB Read Code Execution Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23719 — Simcenter Femap/Simcenter Nastran Heap-Based Buffer Overflow Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while par…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23718 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Read Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23717 — Femap Nastran Out of Bounds Read Arbitrary Code Execution

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23716 — Simcenter Femap/Femapid Simcenter Nastran/Nastrapid Out-of-Bounds Read

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while p…

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-23715 — Simcenter Femap/Simcenter Nastran Out-of-Bounds Write Vulnerability

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while …

simcenter_femap simcenter_nastran | Memory Corruption
Feb 10, 2026 Feb 11, 2026
Feb 10, 2026
Feb 11, 2026
7.8 HIGH
CVE-2026-22923 — "NX PDF Export Data Validation Remote Code Execution Vulnerability"

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with in…

nx nx | Information Disclosure
Feb 10, 2026 Feb 26, 2026
Feb 10, 2026
Feb 26, 2026
6.4 MEDIUM
CVE-2026-1922 — The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cros…

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.2 HIGH
CVE-2026-1866 — Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-En…

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitiza…

name_directory | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
7.6 HIGH
CVE-2025-40587 — Polarion Stored Cross-Site Scripting Vulnerability

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in docum…

Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
Showing 20 of 5070 Results