Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-64999

    Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be ac... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-28138

    Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-28136

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.12.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-28132

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-28131

    Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through <= 1.14.4.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2026-28083

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2026-1698

    A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability onl... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1697

    The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2026-1696

    Some HTTP security headers are not properly set by the web server when sending responses to the client application.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-1695

    An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from a... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2026-1694

    HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It u... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-1693

    The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might al... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-1692

    A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a s... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication

  • 6.2

    MEDIUM
    CVE-2025-14963

    A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the c... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 5.0

    MEDIUM
    CVE-2026-27900

    The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2026-25191

    The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be execut... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2026-23703

    The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-1311

    The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upl... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-2356

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missi... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2026-27975

    Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.... Read more

    Affected Products : ajenti
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
Showing 20 of 4945 Results