Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2025-14577 — PHP Function Injection in Slican NPC/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/…

ncp_firmware ncp_server_cm300p ncp_server_cm300p.1bc ncp_server_cm400p.1bc ncp_server_cm600p.1bc ipl-256_firmware +9 more | Remote | Injection
Feb 24, 2026 Mar 02, 2026
Feb 24, 2026
Mar 02, 2026
7.8 HIGH
CVE-2026-2664 — Out of bounds read vulnerability in grpcfuse kernel module

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an …

desktop | Memory Corruption
Feb 24, 2026 Feb 27, 2026
Feb 24, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2025-27555 — Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow…

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection pa…

airflow | Remote | Information Disclosure
Feb 24, 2026 Mar 11, 2026
Feb 24, 2026
Mar 11, 2026
8.4 HIGH
CVE-2024-56373 — Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able t…

airflow | Remote | Authorization
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
Showing 20 of 6004 Results