Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-26002 — OnDemand susceptible to malicious input when navigating to a directory.

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory…

open_ondemand | Remote | Path Traversal
Mar 04, 2026 Mar 18, 2026
Mar 04, 2026
Mar 18, 2026
4.8 MEDIUM
CVE-2025-41257 — Suprema BioStar 2 Insecure Password Change

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account a…

Remote | Authentication
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
10.0 CRITICAL
CVE-2026-29000 — pac4j-jwt JwtAuthenticator Authentication Bypass

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authenticat…

pac4j | Remote | Authentication
Mar 04, 2026 Mar 10, 2026
Mar 04, 2026
Mar 10, 2026
5.4 MEDIUM
CVE-2026-27898 — Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id a…

vaultwarden | Remote | Information Disclosure
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
8.3 HIGH
CVE-2026-27803 — Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for M…

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can sti…

vaultwarden | Remote | Authorization
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
8.3 HIGH
CVE-2026-27802 — Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections …

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission up…

vaultwarden | Remote | Authorization
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
6.0 MEDIUM
CVE-2026-27801 — Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protect…

vaultwarden | Remote | Authentication
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
8.5 HIGH
CVE-2026-25750 — LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via M…

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Stud…

langsmith | Remote | Information Disclosure
Mar 04, 2026 Mar 18, 2026
Mar 04, 2026
Mar 18, 2026
5.3 MEDIUM
CVE-2026-22040 — NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the sa…

nanomq | Remote | Memory Corruption
Mar 04, 2026 Mar 18, 2026
Mar 04, 2026
Mar 18, 2026
9.8 CRITICAL
CVE-2025-70222 — D-Link DIR-513 Buffer Overflow Vulnerability

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.

dir-513_firmware dir-513 | Remote | Memory Corruption
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
3.4 LOW
CVE-2025-68467 — Dark Reader gives users the ability to request style sheets from local web servers

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet …

darkreader | Remote | Server-Side Request Forgery
Mar 04, 2026 Mar 18, 2026
Mar 04, 2026
Mar 18, 2026
8.6 HIGH
CVE-2025-66024 — XWiki Blog Application home page vulnerable to Stored XSS via Post Title

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. Th…

Remote | Cross-Site Scripting
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2025-70225 — D-Link DIR-513 Buffer Overflow

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component

dir-513_firmware dir-513 | Remote | Memory Corruption
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
9.8 CRITICAL
CVE-2025-70221 — D-Link DIR-513 Buffer Overflow Vulnerability

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.

dir-513_firmware dir-513 | Remote | Memory Corruption
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
9.8 CRITICAL
CVE-2025-46108 — D-Link Dir-513 Buffer Overflow Vulnerability

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.

dir-513_firmware dir-513 | Remote | Memory Corruption
Mar 04, 2026 Mar 06, 2026
Mar 04, 2026
Mar 06, 2026
Showing 20 of 6335 Results