Latest CVE Feed
- 7.2 HIGH, CVE-2026-25743
  OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms a...
  Affected Products: openemr
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Cross-Site Scripting
- 5.5 MEDIUM, CVE-2026-25942
  FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value received fro...
  Affected Products: freerdp
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Memory Corruption
- 6.6 MEDIUM, CVE-2026-27704
  The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package i...
  Affected Products: dart_software_development_kit
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Path Traversal
- 5.0 MEDIUM, CVE-2026-27015
  FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client v...
  Affected Products: freerdp
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Memory Corruption
- 8.1 HIGH, CVE-2026-25136
  Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39....
  Affected Products: (none listed)
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Cross-Site Scripting
- 6.6 MEDIUM, CVE-2026-27794
  LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt no...
  Affected Products: (none listed)
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Information Disclosure
- 9.2 CRITICAL, CVE-2026-0542
  ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. Se...
  Affected Products: (none listed)
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Injection
- 5.3 MEDIUM, CVE-2026-1725
  GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint....
  Affected Products: gitlab
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Denial of Service
- 8.8 HIGH, CVE-2026-26955
  FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surfac...
  Affected Products: freerdp
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Memory Corruption
- 7.5 HIGH, CVE-2026-3200
  A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to SQL injection. The attack can be initiated remotely. T...
  Affected Products: (none listed)
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Injection
- 5.4 MEDIUM, CVE-2026-2694
  The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' functions in all versions up to, and including, 6.15.16. This makes it p...
  Affected Products: (none listed)
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Authorization
- 9.4 CRITICAL, CVE-2026-27495
  n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary...
  Affected Products: n8n
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Misconfiguration
- 5.5 MEDIUM, CVE-2026-27950
  FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 impl...
  Affected Products: freerdp
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Memory Corruption
- 8.7 HIGH, CVE-2026-27633
  TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exce...
  Affected Products: tinyweb
  - Published: Feb. 26, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Denial of Service
- 7.1 HIGH, CVE-2026-27494
  n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently r...
  Affected Products: n8n
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Injection
- 9.5 CRITICAL, CVE-2026-27493
  n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary ...
  Affected Products: n8n
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Injection
- 9.0 CRITICAL, CVE-2026-27498
  n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code executi...
  Affected Products: n8n
  - Published: Feb. 25, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Authentication
- 4.3 MEDIUM, CVE-2026-27840
  ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encr...
  Affected Products: zitadel
  - Published: Feb. 26, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Cryptography
- 7.5 HIGH, CVE-2026-27904
  minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (...
  Affected Products: minimatch
  - Published: Feb. 26, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Denial of Service
- 9.3 CRITICAL, CVE-2026-27969
  Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifes...
  Affected Products: vitess
  - Published: Feb. 26, 2026
  - Modified: Feb. 27, 2026
  - Vuln Type: Path Traversal