Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-25846 — JetBrains YouTrack Mailbox Token Exposure Vulnerability

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

youtrack | Remote | Information Disclosure
Feb 09, 2026 Feb 18, 2026
Feb 09, 2026
Feb 18, 2026
6.5 MEDIUM
CVE-2026-24098 — Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not hav…

airflow | Remote | Information Disclosure
Feb 09, 2026 Mar 10, 2026
Feb 09, 2026
Mar 10, 2026
6.5 MEDIUM
CVE-2026-22922 — Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log…

airflow | Remote | Authorization
Feb 09, 2026 Feb 11, 2026
Feb 09, 2026
Feb 11, 2026
7.2 HIGH
CVE-2026-2227 — D-Link DCS-931L setSystemAdmin doSystem command injection

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injectio…

dcs-931l_firmware dcs-931l | Remote | Injection
Feb 09, 2026 Feb 23, 2026
Feb 09, 2026
Feb 23, 2026
7.2 HIGH
CVE-2026-2226 — DouPHP ZIP File file.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_fil…

douphp douphp | Remote | Path Traversal
Feb 09, 2026 Feb 27, 2026
Feb 09, 2026
Feb 27, 2026
5.3 MEDIUM
CVE-2026-23903 — Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The …

shiro | Remote | Authentication
Feb 09, 2026 Feb 11, 2026
Feb 09, 2026
Feb 11, 2026
Showing 20 of 5386 Results