Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2026-27699

    The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequenc... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-27695

    zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-p... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-27692

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while pa... Read more

    Affected Products : iccdev
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2026-27691

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes... Read more

    Affected Products : iccdev
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-3186

    A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the ar... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-3185

    A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The a... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2026-28196

    In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk... Read more

    Affected Products : teamcity
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2026-28195

    In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations... Read more

    Affected Products : teamcity
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2026-28194

    In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow... Read more

    Affected Products : teamcity
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-28193

    In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint... Read more

    Affected Products : youtrack
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2026-2624

    Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2026-21725

    A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the s... Read more

    Affected Products : grafana
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Race Condition

  • 5.9

    MEDIUM
    CVE-2026-0704

    In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.... Read more

    Affected Products : octopus_server
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-3118

    A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, wh... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2026-25701

    An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up i... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-26104

    A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not per... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-26103

    A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-67860

    A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2025-67601

    A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certific... Read more

    Affected Products : rancher
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-62878

    A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.... Read more

    Affected Products : rancher
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4923 Results