Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.5 MEDIUM
CVE-2026-23983 — Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve …

superset | Remote | Information Disclosure
Feb 24, 2026 Feb 25, 2026
7.1 HIGH
CVE-2026-23982 — Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to pre…

superset | Remote | Authorization
Feb 24, 2026 Feb 25, 2026
6.5 MEDIUM
CVE-2026-23980 — Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection…

superset | Remote | Injection
Feb 24, 2026 Feb 25, 2026
6.5 MEDIUM
CVE-2026-23969 — Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Fil…

Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included r…

superset | Remote | Injection
Feb 24, 2026 Feb 26, 2026
8.7 HIGH
CVE-2026-1773 — IEC 60870-5-104 Denial of Service

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure com…

Feb 24, 2026 Feb 27, 2026
5.3 MEDIUM
CVE-2026-1772 — RTU500 Web Interface Information Disclosure

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser developme…

rtu520_firmware rtu530_firmware rtu540_firmware rtu560_firmware rtu520 rtu530 +2 more | Remote | Information Disclosure
Feb 24, 2026 Feb 27, 2026
9.8 CRITICAL
CVE-2025-14577 — PHP Function Injection in Slican NCP/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/…

Feb 24, 2026 Mar 02, 2026
Showing 20 of 6007 Results