Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
5.8
MEDIUM
CVE-2026-25740
— Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` N…
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can …
|
Misconfiguration
Feb 09, 2026
Feb 09, 2026
Feb 09, 2026
Feb 09, 2026
7.5
HIGH
CVE-2026-25639
— Axios affected by Denial of Service via __proto__ Key in mergeConfig
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects…
Feb 09, 2026
Feb 18, 2026
Feb 09, 2026
Feb 18, 2026
5.8
MEDIUM
CVE-2026-25528
— LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP header…
Remote
|
Server-Side Request Forgery
Feb 09, 2026
Feb 09, 2026
Feb 09, 2026
Feb 09, 2026