Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-27568 — AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficientl…

avideo | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
6.5 MEDIUM
CVE-2026-27567 — Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When …

payload | Remote | Server-Side Request Forgery
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
8.8 HIGH
CVE-2026-27483 — MindsDB has Path Traversal in /api/files Leading to Remote Code Execution

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authent…

mindsdb | Remote | Path Traversal
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
9.2 CRITICAL
CVE-2026-27208 — api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execut…

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to ex…

api-gateway-deploy | Injection
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
4.9 MEDIUM
CVE-2026-0402 — SonicOS Out-of-bounds Read Remote Crash

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Denial of Service
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
4.9 MEDIUM
CVE-2026-0401 — SonicOS NULL Pointer Dereference Remote Denial of Service

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Denial of Service
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
4.9 MEDIUM
CVE-2026-0400 — SonicOS Format String Vulnerability

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Information Disclosure
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
4.9 MEDIUM
CVE-2026-0399 — SonicOS Stack-Based Buffer Overflow Vulnerability

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Memory Corruption
Feb 24, 2026 Feb 26, 2026
Feb 24, 2026
Feb 26, 2026
7.5 HIGH
CVE-2025-67445 — TOTOLINK X5000R Denial-of-Service CGI Memory Exhaustion Vulnerability

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CO…

x5000r_firmware x5000r | Remote | Denial of Service
Feb 24, 2026 Feb 27, 2026
Feb 24, 2026
Feb 27, 2026
6.8 MEDIUM
CVE-2025-10010 — Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a sepa…

cryptopro_secure_disk | Misconfiguration
Feb 24, 2026 Mar 13, 2026
Feb 24, 2026
Mar 13, 2026
Showing 20 of 6010 Results