Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2026-3071

    Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2026-2244

    A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been pat... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-26077

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the `WebhooksController` accepted requests without a valid authentication... Read more

    Affected Products : discourse
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2026-2680

    Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browse... Read more

    Affected Products : a3factura
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-2679

    Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.... Read more

    Affected Products : a3factura
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-2678

    Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.... Read more

    Affected Products : a3factura
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-2677

    Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.... Read more

    Affected Products : a3factura
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-14343

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-1198

    SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in 6.30... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-64999

    Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be ac... Read more

    Affected Products : checkmk
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2026-28138

    Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2026-28136

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.12.... Read more

    Affected Products : wp_sms
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-28132

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-28131

    Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through <= 1.14.4.... Read more

    Affected Products : elementor_addon_elements
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-28083

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.... Read more

    Affected Products : flatsome
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2026-1698

    A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability onl... Read more

    Affected Products : pcvue
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1697

    The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.... Read more

    Affected Products : pcvue
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2026-1696

    Some HTTP security headers are not properly set by the web server when sending responses to the client application.... Read more

    Affected Products : pcvue
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-1695

    An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from a... Read more

    Affected Products : pcvue
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2026-1694

    HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It u... Read more

    Affected Products : pcvue
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4945 Results