Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-28193 — JetBrains YouTrack Unvalidated Request Vulnerability

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

youtrack | Remote | Server-Side Request Forgery
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2026-2624 — Authentication Bypass in ePati's Antikor NGFW

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor …

antikor_next_generation_firewall | Remote | Authentication
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
2.6 LOW
CVE-2026-21725 — Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to…

grafana | Remote | Race Condition
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.1 CRITICAL
CVE-2026-0704 — Octopus Deploy File Traversal Vulnerability

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to…

linux_kernel windows octopus_server | Remote | Path Traversal
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-3118 — Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer …

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user …

developer_hub | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.0 HIGH
CVE-2026-25701 — openSUSE sdbootutil Temporary File Insecure Directory Creation Vulnerability

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in…

| Information Disclosure
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
5.5 MEDIUM
CVE-2026-26104 — Udisks: missing authorization check allows unprivileged users to back up luks headers via…

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method re…

enterprise_linux udisks grub2 gix-date | Authorization
Feb 25, 2026 Mar 25, 2026
Feb 25, 2026
Mar 25, 2026
7.1 HIGH
CVE-2026-26103 — Udisks: missing authorization check allows unprivileged users to restore luks headers via…

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unpriv…

enterprise_linux udisks grub2 gix-date | Authorization
Feb 25, 2026 Mar 25, 2026
Feb 25, 2026
Mar 25, 2026
3.8 LOW
CVE-2025-67860 — NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credential…

| Information Disclosure
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
8.3 HIGH
CVE-2025-67601 — Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert…

rancher rancher | Remote | Misconfiguration
Feb 25, 2026 Mar 03, 2026
Feb 25, 2026
Mar 03, 2026
9.9 CRITICAL
CVE-2025-62878 — Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended…

rancher | Remote | Path Traversal
Feb 25, 2026 Feb 25, 2026
Feb 25, 2026
Feb 25, 2026
Showing 20 of 6071 Results