Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2026-27193

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/g... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2026-27192

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain that... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2026-27191

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens v... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-65995

    When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users wh... Read more

    Affected Products : airflow
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2026-27203

    eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool a... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-27202

    GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2026-27189

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations ... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2026-27170

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Po... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.9

    HIGH
    CVE-2026-27169

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. S... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-27168

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read di... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-27161

    GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environ... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-27147

    GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restri... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-27146

    GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request f... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2026-27134

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Str... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-2635

    MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw e... Read more

    Affected Products : mlflow
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2026-2492

    TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execu... Read more

    Affected Products : tensorflow
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2026-2490

    RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obt... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2026-2048

    GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the t... Read more

    Affected Products : gimp
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-2047

    GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th... Read more

    Affected Products : gimp
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-2045

    GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the t... Read more

    Affected Products : gimp
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 5174 Results