Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2026-27199

    Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filt... Read more

    Affected Products : werkzeug
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2026-27198

    Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it do... Read more

    Affected Products : formwork
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-26047

    A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated us... Read more

    Affected Products : moodle
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2026-26046

    A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted sett... Read more

    Affected Products : moodle
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-26045

    A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since res... Read more

    Affected Products : moodle
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-2860

    A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorizati... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2026-27197

    Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Iden... Read more

    Affected Products : sentry
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2026-27196

    Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissi... Read more

    Affected Products : statamic
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2026-27194

    D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to ru... Read more

    Affected Products : d-tale
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2026-27193

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/g... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2026-27192

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain that... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2026-27191

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens v... Read more

    Affected Products : feathers
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-65995

    When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users wh... Read more

    Affected Products : airflow
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2026-27203

    eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool a... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-27202

    GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2026-27189

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations ... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2026-27170

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Po... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.9

    HIGH
    CVE-2026-27169

    OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. S... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-27168

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read di... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-27161

    GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environ... Read more

    Affected Products : getsimple_cms
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4802 Results