Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-1772 — RTU500 Web Interface Information Disclosure

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser developme…

rtu520_firmware rtu530_firmware rtu540_firmware rtu560_firmware rtu520 rtu530 +2 more | Remote | Information Disclosure
Feb 24, 2026 Feb 27, 2026
Feb 24, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2025-14577 — PHP Function Injection in Slican NPC/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/…

ncp_firmware ncp_server_cm300p ncp_server_cm300p.1bc ncp_server_cm400p.1bc ncp_server_cm600p.1bc ipl-256_firmware +9 more | Remote | Injection
Feb 24, 2026 Mar 02, 2026
Feb 24, 2026
Mar 02, 2026
7.8 HIGH
CVE-2026-2664 — Out of bounds read vulnerability in grpcfuse kernel module

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an …

desktop | Memory Corruption
Feb 24, 2026 Feb 27, 2026
Feb 24, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2025-27555 — Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow…

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection pa…

airflow | Remote | Information Disclosure
Feb 24, 2026 Mar 11, 2026
Feb 24, 2026
Mar 11, 2026
8.4 HIGH
CVE-2024-56373 — Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able t…

airflow | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.9 CRITICAL
CVE-2025-11165 — DotCMS Velocity Sandbox Escape Vulnerability

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by Sec…

dotcms | Remote | Injection
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
8.1 HIGH
CVE-2024-1524 — A local user can be impersonated when using federated authentication with Silent JIT Prov…

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account p…

api_manager identity_server wso2_identity_server wso2_api_manager | Remote | Authentication
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-1229 — Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signi…

circl | Remote | Cryptography
Feb 24, 2026 Mar 03, 2026
Feb 24, 2026
Mar 03, 2026
9.1 CRITICAL
CVE-2025-40541 — SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerabi…

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requir…

serv-u | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40540 — SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative p…

serv-u | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40539 — SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative p…

serv-u | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2025-40538 — SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via d…

serv-u | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
Showing 20 of 5992 Results