Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.4

    HIGH
    CVE-2025-63946

    A privilege escalation (PE) vulnerability in the Tencent PC Manager app through 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully expl...

    Affected Products : pcmanager
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-68930

    Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to validate the `Origin` header during the WebSocket han...

    Affected Products : traccar
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2026-23521

    Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device `uniqueId` to an absolute path. When uploading a device image, Traccar uses th...

    Affected Products : traccar
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2026-23969

    Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability...

    Affected Products : superset
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2026-23984

    An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard ...

    Affected Products : superset
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2026-25648

    Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by uploading malicious SVG files as device images. The appl...

    Affected Products : traccar
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 4.9

    MEDIUM
    CVE-2026-3221

    Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access....

    Affected Products : devolutions_server
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cryptography
  • 10.0

    CRITICAL
    CVE-2026-2761

    Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration
  • 10.0

    CRITICAL
    CVE-2026-2760

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2759

    Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2758

    Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2026-2757

    Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2026-28296

    A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attack...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2026-28295

    A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect t...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2026-27831

    rldns is an open source DNS server. Version 2.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue....

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 7.7

    HIGH
    CVE-2026-27821

    GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHead...

    Affected Products : gpac
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.8

    MEDIUM
    CVE-2026-27808

    Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an ema...

    Affected Products : mailpit
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Server-Side Request Forgery
  • 5.1

    MEDIUM
    CVE-2026-27711

    NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory acces...

    Affected Products : nanazip
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.1

    MEDIUM
    CVE-2026-27710

    NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s `.NET Single File Application` parser. A crafted bundle can force an integer unde...

    Affected Products : nanazip
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Denial of Service
  • 5.1

    MEDIUM
    CVE-2026-27709

    NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provi...

    Affected Products : nanazip
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4892 Results