Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-27754 — SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predicta…

Remote | Cryptography
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
5.0 MEDIUM
CVE-2026-22716 — VMware Workstation out-of-bounds write vulnerability

Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.

workstation | Information Disclosure
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.9 MEDIUM
CVE-2026-27753 — SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management inter…

Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2026-27752 — SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe netw…

Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2026-27751 — SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attack…

Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.3 HIGH
CVE-2026-26862 — CleverTap Web SDK DOM-Based XSS

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuil…

Remote | Cross-Site Scripting
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.3 HIGH
CVE-2026-26861 — CleverTap Web SDK Cross-Site Scripting (XSS)

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/native…

Remote | Cross-Site Scripting
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
2.0 LOW
CVE-2026-21619 — Unsafe Deserialization of Erlang Terms in hex_core

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Obje…

rebar3 hex_core hex | Remote | Denial of Service
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25497 — osCommerce 2.3.4.1 SQL Injection via currency Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send…

oscommerce | Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25496 — osCommerce 2.3.4.1 SQL Injection via products_id Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can m…

oscommerce | Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25495 — osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can se…

oscommerce | Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25494 — Homey BNB V4 SQL Injection Authentication Bypass via Admin Panel

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and passwor…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25493 — Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET req…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25492 — Homey BNB V4 SQL Injection via getcmsdata.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requ…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25491 — Homey BNB V4 SQL Injection via cms_getpagetitle.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET req…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25490 — Homey BNB V4 SQL Injection via admin edit.php

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET reque…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2019-25489 — Homey BNB V4 SQL Injection via ajax_refresh_subtotal

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET…

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.2 HIGH
CVE-2026-2293 — NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.…

nest.js | Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
7.1 HIGH
CVE-2026-25147 — OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is ta…

openemr | Remote | Authorization
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-24488 — OpenEMR Vulnerable to Arbitrary File Exfiltration via Fax Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax…

openemr | Remote | Path Traversal
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
Showing 20 of 4840 Results