Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2026-2807

    Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

    Affected Products : firefox thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2793

    Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2792

    Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2777

    Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2026-2321

    Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : linux_kernel chrome macos windows
    • Published: Feb. 11, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 6.2

    MEDIUM
    CVE-2026-27846

    Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface a...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2026-25930

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verif...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-25929

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’s photo by document ID or patient ID without verifying ...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2026-25927

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the docum...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2026-25746

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exis...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2026-25743

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms a...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2026-25476

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request. When...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authentication
  • 5.7

    MEDIUM
    CVE-2026-25220

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all internal m...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2026-25164

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_check...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 9.9

    CRITICAL
    CVE-2026-24908

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrar...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection
  • 8.1

    HIGH
    CVE-2026-24890

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2026-24487

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care ...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 0.0

    NONE
    CVE-2026-24005

    Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in ...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Server-Side Request Forgery
  • 7.4

    HIGH
    CVE-2026-23627

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, lead...

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2026-20658

    A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges....

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
Showing 20 of 4923 Results