Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-24302 — Azure Arc Elevation of Privilege Vulnerability

Azure Arc Elevation of Privilege Vulnerability

azure_arc | Remote
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
9.8 CRITICAL
CVE-2026-24300 — Azure Front Door Elevation of Privilege Vulnerability

Azure Front Door Elevation of Privilege Vulnerability

azure_front_door
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
8.2 HIGH
CVE-2026-21532 — Azure Function Information Disclosure Vulnerability

Azure Function Information Disclosure Vulnerability

azure_functions
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
6.5 MEDIUM
CVE-2026-0391 — Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

edge_chromium
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
3.7 LOW
CVE-2025-68458 — webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-ti…

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out…

webpack | Remote | Server-Side Request Forgery
Feb 05, 2026 Feb 13, 2026
Feb 05, 2026
Feb 13, 2026
3.7 LOW
CVE-2025-68157 — webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu…

webpack | Remote | Server-Side Request Forgery
Feb 05, 2026 Feb 13, 2026
Feb 05, 2026
Feb 13, 2026
8.7 HIGH
CVE-2025-32393 — AutoGPT has a DoS vulnerability in ReadRSSFeedBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS…

autogpt_platform | Remote | Denial of Service
Feb 05, 2026 Feb 17, 2026
Feb 05, 2026
Feb 17, 2026
3.2 LOW
CVE-2026-25815 — Fortinet FortiOS LDAP Credentials Decryption Vulnerability

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key…

fortios | Cryptography
Feb 05, 2026 Feb 06, 2026
Feb 05, 2026
Feb 06, 2026
6.1 MEDIUM
CVE-2026-1970 — Edimax BR-6258n formStaDrvSetup redirect

A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redi…

br-6258n_firmware br-6258n | Remote | Information Disclosure
Feb 05, 2026 Feb 20, 2026
Feb 05, 2026
Feb 20, 2026
5.3 MEDIUM
CVE-2026-1964 — WeKan REST Endpoint boards.js BoardTitleRESTBleed access control

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Re…

wekan | Remote | Authorization
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
Showing 20 of 5090 Results