Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.7 MEDIUM
CVE-2026-22613 — Eaton Network M3 Firmware Man-in-the-middle Attack

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security is…

Remote | Misconfiguration
Feb 09, 2026 Feb 09, 2026
Feb 09, 2026
Feb 09, 2026
6.3 MEDIUM
CVE-2026-2215 — rachelos WeRSS we-mp-rss JWT auth.py default key

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of th…

Remote | Cryptography
Feb 09, 2026 Feb 09, 2026
Feb 09, 2026
Feb 09, 2026
4.8 MEDIUM
CVE-2026-2214 — code-projects for Plugin AdminAddAlbum.php cross site scripting

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross …

online_music_site | Remote | Cross-Site Scripting
Feb 09, 2026 Feb 12, 2026
Feb 09, 2026
Feb 12, 2026
7.2 HIGH
CVE-2026-2213 — code-projects Online Music Site AdminAddAlbum.php unrestricted upload

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of …

online_music_site | Remote | Misconfiguration
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-1615 — Jsonpath Arbitrary Code Injection Vulnerability

Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to …

Remote | Injection
Feb 09, 2026 Feb 23, 2026
Feb 09, 2026
Feb 23, 2026
7.5 HIGH
CVE-2025-66598 — Yokogawa Electric Corporation FAST/TOOLS SSL/TLS Decryption Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with …

fast\/tools | Remote | Cryptography
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
8.8 HIGH
CVE-2025-66597 — Yokogawa Electric Corporation FAST/TOOLS Weak Cryptography Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communicati…

fast\/tools | Remote | Cryptography
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2025-66596 — Yokogawa Electric Corporation FAST/TOOLS Host Header Injection Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, us…

fast\/tools | Remote | Misconfiguration
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
6.3 MEDIUM
CVE-2025-66595 — Yokogawa Electric Corporation FAST/TOOLS CSRF Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an a…

fast\/tools | Remote | Cross-Site Request Forgery
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2025-66594 — Yokogawa Electric Corporation FAST/TOOLS Information Disclosure Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for othe…

fast\/tools | Remote | Information Disclosure
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
9.8 CRITICAL
CVE-2026-2212 — code-projects Online Music Site AdminEditCategory.php sql injection

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulatio…

online_music_site | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2211 — code-projects Online Music Site AdminDeleteCategory.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument…

online_music_site | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
8.7 HIGH
CVE-2025-66608 — Yokogawa Electric Corporation FAST/TOOLS URL Validation Remote File Disclosure

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal fil…

fast\/tools | Remote | Server-Side Request Forgery
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
6.3 MEDIUM
CVE-2025-66607 — Yokogawa Electric Corporation FAST/TOOLS Open Redirect Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacke…

fast\/tools | Remote | Misconfiguration
Feb 09, 2026 Mar 06, 2026
Feb 09, 2026
Mar 06, 2026
9.6 CRITICAL
CVE-2025-66606 — Yokogawa Electric Corporation FAST/TOOLS URL Encoding Vulnerability (Cross-Site Scripting)

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scr…

fast\/tools | Remote | Cross-Site Scripting
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
5.3 MEDIUM
CVE-2025-66605 — Yokogawa Electric Corporation FAST/TOOLS Autocomplete Stored XSS

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content coul…

fast\/tools | Remote | Information Disclosure
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
5.3 MEDIUM
CVE-2025-66604 — Yokogawa Electric Corporation FAST/TOOLS Information Disclosure Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker f…

fast\/tools | Remote | Information Disclosure
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2025-66603 — Yokogawa Electric Corporation FAST/TOOLS OPTIONS Method Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out o…

fast\/tools | Remote | Information Disclosure
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2025-66602 — Yokogawa Electric Corporation FAST/TOOLS Remote IP Address Guessing Vulnerability

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes in…

fast\/tools | Remote | Misconfiguration
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
6.3 MEDIUM
CVE-2025-66601 — Yokogawa Electric Corporation FAST/TOOLS MIME Type Vulnerability (Remote Code Execution)

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scr…

fast\/tools | Remote | Misconfiguration
Feb 09, 2026 Mar 05, 2026
Feb 09, 2026
Mar 05, 2026
Showing 20 of 5073 Results