Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2026-27129

    Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only ...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery
  • 6.9

    MEDIUM
    CVE-2026-27128

    Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usa...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Race Condition
  • 7.0

    HIGH
    CVE-2026-27127

    Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery
  • 5.9

    MEDIUM
    CVE-2026-27126

    Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The applicati...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2026-26983

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `<map>` element that causes it to use an image after it has been...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2026-26981

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istr...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2026-26331

    yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command inj...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2026-26284

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder c...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 6.2

    MEDIUM
    CVE-2026-26283

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing ...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2026-26198

    Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sqlalchemy.text()` without any validation or sanitization....

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 6.2

    MEDIUM
    CVE-2026-26066

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2026-25989

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypas...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2026-1459

    A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operat...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-13943

    A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device....

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-13942

    A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP ...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 4.9

    MEDIUM
    CVE-2025-11848

    A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with admin...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 4.9

    MEDIUM
    CVE-2025-11847

    A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with admi...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2026-3053

    A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to miss...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2026-3052

    A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulatio...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery
  • 5.3

    MEDIUM
    CVE-2026-25988

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, cau...

    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4710 Results