Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.8 MEDIUM
CVE-2026-3277 — PowerShell Universal OpenID Connect Cleartext Client Secret Exposure

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows a…

powershell_universal | Authentication
Feb 27, 2026 Mar 11, 2026
Feb 27, 2026
Mar 11, 2026
9.8 CRITICAL
CVE-2026-2750 — Command Injection via CLAPI generatetraps

Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from a…

web | Remote | Injection
Feb 27, 2026 Mar 23, 2026
Feb 27, 2026
Mar 23, 2026
9.9 CRITICAL
CVE-2026-2749 — Path traversal in Centreon Open Tickets

Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8,…

linux_kernel open_tickets | Remote | Information Disclosure
Feb 27, 2026 Mar 23, 2026
Feb 27, 2026
Mar 23, 2026
8.7 HIGH
CVE-2026-2359 — Multer vulnerable to Denial of Service via resource exhaustion

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection duri…

multer | Remote | Denial of Service
Feb 27, 2026 Mar 19, 2026
Feb 27, 2026
Mar 19, 2026
4.8 MEDIUM
CVE-2026-3327 — Authenticated DatoCMS Web Previews Plugin Iframe Injection

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabli…

Remote | Injection
Feb 27, 2026 Mar 02, 2026
Feb 27, 2026
Mar 02, 2026
8.4 HIGH
CVE-2026-3223 — Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

web_designer | Path Traversal
Feb 27, 2026 Mar 02, 2026
Feb 27, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-2751 — Blind SQL Injection

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Inje…

centreon_web | Remote | Injection
Feb 27, 2026 Mar 09, 2026
Feb 27, 2026
Mar 09, 2026
9.3 CRITICAL
CVE-2025-15498 — SQL Injection in Pro3W CMS

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privi…

Remote | Injection
Feb 27, 2026 Mar 02, 2026
Feb 27, 2026
Mar 02, 2026
7.5 HIGH
CVE-2025-10990 — Rexml: rexml: denial of service via inefficient regex parsing

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead …

Remote | Denial of Service
Feb 27, 2026 Mar 02, 2026
Feb 27, 2026
Mar 02, 2026
6.3 MEDIUM
CVE-2025-11950 — Reflected XSS in Knowhy's EduAsist

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affec…

eduasist | Remote | Cross-Site Scripting
Feb 27, 2026 Mar 09, 2026
Feb 27, 2026
Mar 09, 2026
9.8 CRITICAL
CVE-2025-11252 — SQLi in Signum Technologies' windesk.fm

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects …

windesk.fm | Remote | Injection
Feb 27, 2026 Feb 28, 2026
Feb 27, 2026
Feb 28, 2026
Showing 20 of 5911 Results