Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2026-25743

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms a...

    Affected Products : openemr
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2026-25942

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value received fro...

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 6.6

    MEDIUM
    CVE-2026-27704

    The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package i...

    Affected Products : dart_software_development_kit
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal
  • 5.0

    MEDIUM
    CVE-2026-27015

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client v...

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2026-25136

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39....

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.6

    MEDIUM
    CVE-2026-27794

    LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt no...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure
  • 9.2

    CRITICAL
    CVE-2026-0542

    ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. Se...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2026-1725

    GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint....

    Affected Products : gitlab
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2026-26955

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surfac...

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2026-3200

    A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. T...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2026-2694

    The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all versions up to, and including, 6.15.16. This makes it p...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2026-27495

    n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary...

    Affected Products : n8n
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2026-27950

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 impl...

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 8.7

    HIGH
    CVE-2026-27633

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exce...

    Affected Products : tinyweb
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 7.1

    HIGH
    CVE-2026-27494

    n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently r...

    Affected Products : n8n
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 9.5

    CRITICAL
    CVE-2026-27493

    n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary ...

    Affected Products : n8n
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2026-27498

    n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code executi...

    Affected Products : n8n
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2026-27840

    ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encr...

    Affected Products : zitadel
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2026-27904

    minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (...

    Affected Products : minimatch
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 9.3

    CRITICAL
    CVE-2026-27969

    Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifes...

    Affected Products : vitess
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal