Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-3101

    A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and co... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2026-27732

    WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authen... Read more

    Affected Products : avideo
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.2

    CRITICAL
    CVE-2026-27584

    Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive ba... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2026-27568

    WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing `javascript:` URIs to be rendered ... Read more

    Affected Products : avideo
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-27567

    Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient ... Read more

    Affected Products : payload
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2026-27483

    MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command ex... Read more

    Affected Products : mindsdb
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Path Traversal

  • 9.2

    CRITICAL
    CVE-2026-27208

    bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2026-0402

    A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.... Read more

    Affected Products : sonicos
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2026-0401

    A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.... Read more

    Affected Products : sonicos
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2026-0400

    A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.... Read more

    Affected Products : sonicos
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2026-0399

    Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.... Read more

    Affected Products : sonicos
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-67445

    TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. Wh... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-10010

    The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyon... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-2807

    Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2806

    Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2805

    Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2026-2804

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2803

    Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2026-2802

    Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-2801

    Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4819 Results