Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-2037 — GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerabil…

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Arc…

archiver | Authentication
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2026-2036 — GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerabi…

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Ar…

archiver | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.8 MEDIUM
CVE-2026-2035 — Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerab…

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation…

| Injection
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.8 HIGH
CVE-2026-2034 — Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerabili…

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DI…

dicom_viewer_pro | Memory Corruption
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
8.1 HIGH
CVE-2026-2033 — MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnera…

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLfl…

mlflow | Path Traversal
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.9 MEDIUM
CVE-2026-27133 — Strimzi All CAs from CA chain will be trusted in Kafka Connect and Kafka MirrorMaker 2 ta…

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificat…

strimzi_kafka_operator strimzi | Remote | Authentication
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
6.8 MEDIUM
CVE-2026-27125 — Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e.g. <div {...attrs}>) enumerates inherited properties from the object's prototy…

svelte | Remote | Misconfiguration
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-27122 — Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using <svelte:element this={tag}> in server-side rendering, the provided tag name is not validated or sanitized before being emitted i…

svelte | Remote | Injection
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-27121 — Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes …

svelte | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-27119 — Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially a…

svelte | Remote | Injection
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.2 HIGH
CVE-2019-25454 — phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter

phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GE…

phpmoadmin | Remote | Cross-Site Scripting
Feb 20, 2026 Mar 02, 2026
Feb 20, 2026
Mar 02, 2026
6.1 MEDIUM
CVE-2019-25453 — phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URL…

phpmoadmin | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2019-25451 — phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticate…

phpmoadmin | Remote | Cross-Site Request Forgery
Feb 20, 2026 Mar 02, 2026
Feb 20, 2026
Mar 02, 2026
6.1 MEDIUM
CVE-2019-25449 — OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can s…

orientdb | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.4 MEDIUM
CVE-2019-25448 — OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Atta…

orientdb | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
5.3 MEDIUM
CVE-2019-25447 — OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /databas…

orientdb | Remote | Cross-Site Request Forgery
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2019-25441 — thesystem 1.0 Command Injection via run_command endpoint

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attacker…

password_management_application | Remote | Injection
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25438 — LabCollector 5.423 SQL Injection via login.php

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attacker…

labcollector | Remote | Injection
Feb 20, 2026 Mar 02, 2026
Feb 20, 2026
Mar 02, 2026
6.7 MEDIUM
CVE-2019-25437 — Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attacker…

| Memory Corruption
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2019-25436 — Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attacker…

deviceviewer | Remote | Authentication
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
Showing 20 of 5066 Results