Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.2 CRITICAL
CVE-2026-0542 — Remote Code Execution in ServiceNow AI Platform

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, t…

Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.5 HIGH
CVE-2025-14511 — Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause deni…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 28, 2026
Feb 25, 2026
Feb 28, 2026
5.5 MEDIUM
CVE-2026-2636 — Denial of Service in Microsoft OS

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces…

| Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.1 HIGH
CVE-2026-25941 — FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the Fr…

freerdp | Remote | Information Disclosure
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.1 MEDIUM
CVE-2026-25736 — Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attri…

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.1 MEDIUM
CVE-2026-25735 — Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.1 MEDIUM
CVE-2026-25734 — Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.3 HIGH
CVE-2026-25733 — Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 ha…

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
5.3 MEDIUM
CVE-2026-25138 — Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, t…

rucio | Remote | Authentication
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.1 HIGH
CVE-2026-25136 — Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability …

rucio | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.0 CRITICAL
CVE-2026-22720 — VMware Aria Operations stored cross-site scripting vulnerability

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actio…

cloud_foundation aria_operations telco_cloud_platform telco_cloud_infrastructure | Remote | Cross-Site Scripting
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
8.1 HIGH
CVE-2026-22719 — Broadcom VMware Aria Operations Command Injection Vulnerability - [Actively Exploited]

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VM…

cloud_foundation aria_operations telco_cloud_platform telco_cloud_infrastructure | CISA KEV Remote | Injection
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
6.5 MEDIUM
CVE-2025-3525 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authe…

gitlab | Remote | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.3 MEDIUM
CVE-2025-14103 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-r…

gitlab | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.9 MEDIUM
CVE-2026-3221 — Devolutions Server Unencrypted User Account Information Vulnerability

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user infor…

devolutions_server | Remote | Cryptography
Feb 25, 2026 Feb 28, 2026
Feb 25, 2026
Feb 28, 2026
6.5 MEDIUM
CVE-2026-25930 — OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visit…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-25929 — OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.1 HIGH
CVE-2026-25927 — OpenEMR Missing Authorization Checks in DICOM Viewer State API

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a…

openemr | Remote | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
8.8 HIGH
CVE-2026-25746 — OpenEMR has SQL Injection Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be expl…

openemr | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.2 HIGH
CVE-2026-25743 — OpenEMR has Stored XSS in Questionnaire answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("f…

openemr | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
Showing 20 of 5313 Results