Latest CVE Feed
-
8.8
HIGH CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) pa...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Misconfiguration
-
9.3
CRITICAL CVE-2026-27614
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUM CVE-2026-27612
Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the `RepoCard` component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's `dangerouslySetI...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGH CVE-2026-27611
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens becaus...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authentication
-
7.0
HIGH CVE-2026-27610
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Misconfiguration
-
8.3
HIGH CVE-2026-27609
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visi...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Cross-Site Request Forgery
-
9.3
CRITICAL CVE-2026-27608
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps c...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
8.1
HIGH CVE-2026-27607
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-wi...
Affected Products: rustfs
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGH CVE-2026-27606
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitiza...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Path Traversal
-
9.9
CRITICAL CVE-2026-27595
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticat...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authentication
-
4.5
MEDIUM CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patie...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Information Disclosure
-
5.2
MEDIUM CVE-2025-5781
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0....
Affected Products: device_manager
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Information Disclosure
-
8.5
HIGH CVE-2026-2914
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...
Affected Products:
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
8.8
HIGH CVE-2026-25131
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such ...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
7.0
HIGH CVE-2026-25127
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Versio...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2026-25124
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to ex...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2026-24896
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—includin...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Authorization
-
9.9
CRITICAL CVE-2026-24849
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the `disposeDocument()` method in `EtherFaxActions.php` allows authenticated users to read arbitrary files from the server fil...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Path Traversal
-
6.1
MEDIUM CVE-2026-24847
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited fo...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Misconfiguration
-
1.2
LOW CVE-2026-21443
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the `xl()` translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts (`...
Affected Products: openemr
- Published: Feb. 25, 2026
- Modified: Feb. 25, 2026
- Vuln Type: Cross-Site Scripting