Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2026-27754

    SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnera... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cryptography

  • 8.2

    HIGH
    CVE-2026-2293

    A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2026-25147

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` ... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-24488

    OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read ... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69437

    PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and vie... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2026-3304

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users shoul... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-3277

    The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the O... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2026-2750

    Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2026-2749

    Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2026-2359

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2026-3327

    Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origin... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2026-3223

    Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2026-2751

    Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server ... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-15498

    Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges.  This issue was identified in version 1.2.0 of t... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-10990

    A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impac... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-11950

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: through 27022026. NOTE: The vendor was con... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11252

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was cont... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2026-2831

    The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL q... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-24352

    PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session... Read more

    Affected Products : pluxml
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2026-24351

    PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about t... Read more

    Affected Products : pluxml
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4910 Results