Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.4

    HIGH
    CVE-2026-28372

    telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIAL...

    Affected Products : inetutils
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 5.1

    MEDIUM
    CVE-2026-27758

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious re...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2026-27757

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session ca...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2026-27756

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2026-27755

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid crede...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2026-27754

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnera...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cryptography
  • 9.6

    CRITICAL
    CVE-2026-27510

    Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure
  • 8.5

    HIGH
    CVE-2026-27509

    Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthentic...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 4.9

    MEDIUM
    CVE-2026-26228

    VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured ...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal
  • 6.3

    MEDIUM
    CVE-2026-26227

    VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and doe...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2026-25554

    OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used...

    Affected Products : opensips
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2026-22207

    OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protect...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2026-22206

    SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined wit...

    Affected Products : spip
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2026-22205

    SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass ...

    Affected Products : spip
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-67445

    TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. Wh...

    Affected Products : x5000r_firmware x5000r
    • Published: Feb. 24, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 8.2

    HIGH
    CVE-2025-40932

    Apache::SessionX versions through 2.01 for Perl create insecure session ids. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns an MD5 hash seeded with the built-in rand() function...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cryptography
  • 7.0

    HIGH
    CVE-2026-27610

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under...

    Affected Products : parse_dashboard
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2026-28363

    In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an...

    Affected Products : openclaw
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-0976

    Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-0...

    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2026-27611

    FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens becaus...

    Affected Products : filebrowser_quantum
    • Published: Feb. 25, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication