Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
4.3
MEDIUM
CVE-2025-69752
— Ideagen Q-Pulse Authentication Bypass
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in …
Remote
|
Authorization
Feb 12, 2026
Feb 18, 2026
Feb 12, 2026
Feb 18, 2026
9.0
CRITICAL
CVE-2025-69634
— Dolibarr ERP & CRM CSRF Privilege Escalation
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who in…
Remote
|
Cross-Site Request Forgery
Feb 12, 2026
Feb 14, 2026
Feb 12, 2026
Feb 14, 2026
6.5
MEDIUM
CVE-2025-56647
— Farmfe Core Origin Validation Bypass (WebSocket)
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows atta…
Remote
|
Misconfiguration
Feb 12, 2026
Feb 13, 2026
Feb 12, 2026
Feb 13, 2026