Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-27005 — Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
Mar 06, 2026
Mar 10, 2026
8.8 HIGH
CVE-2026-25888 — Chartbrew: Remote Code Execution (RCE) via Vulnerable API

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability v…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
Mar 06, 2026
Mar 10, 2026
7.2 HIGH
CVE-2026-25887 — Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability v…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
Mar 06, 2026
Mar 10, 2026
6.5 MEDIUM
CVE-2026-25877 — Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks ba…

chartbrew | Remote | Authorization
Mar 06, 2026 Mar 10, 2026
Mar 06, 2026
Mar 10, 2026
Showing 20 of 5944 Results