Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.5 HIGH
CVE-2026-28429 — Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implemen…

talishar | Remote | Path Traversal
Mar 06, 2026 Mar 09, 2026
5.3 MEDIUM
CVE-2026-28428 — Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game A…

Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to per…

talishar | Remote | Authentication
Mar 06, 2026 Mar 09, 2026
6.3 MEDIUM
CVE-2026-27605 — Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files (project …

chartbrew | Remote | Cross-Site Scripting
Mar 06, 2026 Mar 10, 2026
8.7 HIGH
CVE-2026-27603 — Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_…

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project…

chartbrew | Remote | Authentication
Mar 06, 2026 Mar 10, 2026
9.8 CRITICAL
CVE-2026-27005 — Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
8.8 HIGH
CVE-2026-25888 — Chartbrew: Remote Code Execution (RCE) via Vulnerable API

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability v…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
7.2 HIGH
CVE-2026-25887 — Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability v…

chartbrew | Remote | Injection
Mar 06, 2026 Mar 10, 2026
6.5 MEDIUM
CVE-2026-25877 — Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks ba…

chartbrew | Remote | Authorization
Mar 06, 2026 Mar 10, 2026
Showing 20 of 5948 Results