Latest CVE Feed
-
6.5
MEDIUM CVE-2026-24946
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for W...
Affected Products: print_invoice_&_delivery_notes_for_woocommerce
- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
7.5
HIGH CVE-2025-13108
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources....
- Published: Feb. 17, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUM CVE-2025-33124
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size....
- Published: Feb. 17, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2026-2333
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request....
- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
10.0
CRITICAL CVE-2026-26333
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binary for...
Affected Products: verasmart
- Published: Feb. 13, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Information Disclosure
-
8.5
HIGH CVE-2026-26334
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settin...
Affected Products: verasmart
- Published: Feb. 13, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cryptography
-
9.8
CRITICAL CVE-2026-26335
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft ...
Affected Products: verasmart
- Published: Feb. 13, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cryptography
-
9.8
CRITICAL CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentia...
Affected Products: enet_smart_home
- Published: Feb. 15, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authentication
-
8.1
HIGH CVE-2026-26367
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin ac...
Affected Products: enet_smart_home
- Published: Feb. 15, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
7.8
HIGH CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and ...
Affected Products: megatron-bridge
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
7.8
HIGH CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, an...
Affected Products: megatron-bridge
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
6.5
MEDIUM CVE-2025-70063
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated pati...
Affected Products: hospital_management_system
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
5.5
MEDIUM CVE-2025-10256
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a vi...
Affected Products: ffmpeg
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUM CVE-2025-12343
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memor...
Affected Products: ffmpeg
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGH CVE-2019-25355
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests wit...
Affected Products: gsoap
- Published: Feb. 18, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUM CVE-2026-3263
A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results ...
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2026-3262
A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be ...
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGH CVE-2026-3261
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated r...
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
8.5
HIGH CVE-2026-2914
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...
- Published: Feb. 25, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2026-2799
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
- Published: Feb. 24, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption