Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-13672

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-13671

    Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML trigg... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2026-26744

    A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2026-26317

    OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-init... Read more

    Affected Products : openclaw
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2026-26316

    OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when t... Read more

    Affected Products : openclaw
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-26315

    go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in... Read more

    Affected Products : go_ethereum
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2026-26314

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releas... Read more

    Affected Products : go_ethereum
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-26275

    httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, the compa... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2026-2738

    Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet... Read more

    Affected Products : ovpn-dco-win
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-27476

    RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-27440

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2026-27387

    Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.... Read more

    Affected Products : directorypress
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2026-27368

    Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2026-27360

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.... Read more

    Affected Products : photo_gallery
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-27343

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-27328

    Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-27327

    Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through <= 4.3.2.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-27114

    NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.... Read more

    Affected Products : nanazip
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-27014

    NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parse... Read more

    Affected Products : nanazip
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2026-26313

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.... Read more

    Affected Products : go_ethereum
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4756 Results