Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-26955 — FreeRDP has Out-of-bounds Write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
5.5 MEDIUM
CVE-2026-26271 — Buffer Overread in FreeRDP Icon Processing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by cra…

freerdp | Remote
Feb 25, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2026-25997 — FreeRDP has heap-use-after-free in xf_clipboard_format_equal

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called …

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2026-25959 — FreeRDP has heap-use-after-free in xf_cliprdr_provide_data_

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread ca…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2026-25955 — FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surfa…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
7.5 HIGH
CVE-2026-25954 — FreeRDP has heap-use-after-free in xf_rail_server_local_move_size

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` retu…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2026-25953 — FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (freed appWindow)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2026-25952 — FreeRDP has heap-use-after-free in xf_SetWindowMinMaxInfo

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_…

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
7.5 HIGH
CVE-2026-25942 — FreeRDP has global-buffer-overflow in xf_rail_server_execute_result

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with …

freerdp | Remote | Memory Corruption
Feb 25, 2026 Feb 27, 2026
7.2 HIGH
CVE-2026-22721 — VMware Aria Operations privilege escalation vulnerability

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative a…

Feb 25, 2026 Mar 04, 2026
4.3 MEDIUM
CVE-2026-1747 — Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-ro…

gitlab | Remote | Authorization
Feb 25, 2026 Feb 28, 2026
7.5 HIGH
CVE-2026-1725 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sendi…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 28, 2026
7.5 HIGH
CVE-2026-1662 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Deni…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 28, 2026
7.5 HIGH
CVE-2026-1388 — Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regul…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 28, 2026
8.0 HIGH
CVE-2026-0752 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain circumstances, could have allowed an unaut…

gitlab | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 28, 2026
9.2 CRITICAL
CVE-2026-0542 — Remote Code Execution in ServiceNow AI Platform

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, t…

Remote | Injection
Feb 25, 2026 Feb 27, 2026
7.5 HIGH
CVE-2025-14511 — Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause deni…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 28, 2026
5.5 MEDIUM
CVE-2026-2636 — Denial of Service in Microsoft OS

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces…

Denial of Service
Feb 25, 2026 Feb 27, 2026
8.1 HIGH
CVE-2026-25941 — FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the Fr…

freerdp | Remote | Information Disclosure
Feb 25, 2026 Feb 27, 2026
6.1 MEDIUM
CVE-2026-25736 — Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attri…

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Showing 20 of 5272 Results