Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2024-1524 — A local user can be impersonated when using federated authentication with Silent JIT Prov…

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account p…

api_manager identity_server wso2_identity_server wso2_api_manager | Remote | Authentication
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-1229 — Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signi…

circl | Remote | Cryptography
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
9.1 CRITICAL
CVE-2025-40541 — SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerabi…

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requir…

serv-u | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40540 — SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative p…

serv-u | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40539 — SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative p…

serv-u | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40538 — SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via d…

serv-u | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
4.3 MEDIUM
CVE-2026-24314 — Information Disclosure vulnerability in S/4HANA (Manage Payment Media)

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality …

s\/4hana_uiapfi70 s\/4hana_uis4h | Remote | Authorization
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-15589 — MuYuCMS Template Management Template.php delete_dir_file path traversal

A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulat…

muyucms | Remote | Path Traversal
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
8.8 HIGH
CVE-2025-15386 — Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment wit…

responsive_lightbox | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
6.1 MEDIUM
CVE-2026-3070 — SourceCodester Modern Image Gallery App upload.php cross site scripting

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filena…

modern_image_gallery_app | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2026-3069 — itsourcecode Document Management System edtlbls.php sql injection

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to s…

document_management_system document_management_system | Remote | Injection
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
Showing 20 of 5991 Results