Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-56605

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allo... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2026-1334

    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially ... Read more

    Affected Products : solidworks_edrawings
    • Published: Feb. 16, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-1335

    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially... Read more

    Affected Products : solidworks_edrawings
    • Published: Feb. 16, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-1333

    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a ... Read more

    Affected Products : solidworks_edrawings
    • Published: Feb. 16, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-27904

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that th... Read more

    • Published: Feb. 17, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-27903

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.... Read more

    • Published: Feb. 17, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2026-25603

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the... Read more

    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2026-27156

    NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgGrid.run_grid_method()`, `EChart.run_chart_method()`, and others) use an `eval()` fallback in the... Read more

    Affected Products : nicegui
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2026-2459

    A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.... Read more

    Affected Products : reb500_firmware reb500
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-27900

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability ... Read more

    • Published: Feb. 17, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2026-2460

    A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.... Read more

    Affected Products : reb500_firmware reb500
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-1787

    Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined wi... Read more

    Affected Products : genetec_update_service
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2026-26721

    An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2026-26938

    Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2026-26722

    An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2026-26723

    Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-1789

    Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.... Read more

    Affected Products : genetec_update_service
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2026-26724

    Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-26937

    Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2026-26340

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resu... Read more

    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
Showing 20 of 4873 Results