Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-1627 — Cisco SSH Weak MAC Algorithm Vulnerability

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data i…

Remote | Cryptography
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-1626 — Cisco SSH CBC Vulnerability

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercep…

Remote | Cryptography
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
3.1 LOW
CVE-2025-12150 — Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via s…

keycloak | Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.6 HIGH
CVE-2026-27776 — Intra-mart Accel Platform IM-LogicDesigner Deserialization RCE Vulnerability

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be execute…

| Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
8.3 HIGH
CVE-2026-0980 — Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit …

Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
4.9 MEDIUM
CVE-2026-0871 — Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user att…

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes.…

Remote | Authorization
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.7 MEDIUM
CVE-2025-9909 — Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//…

| Path Traversal
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.7 MEDIUM
CVE-2025-9908 — Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastruct…

| Information Disclosure
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.7 MEDIUM
CVE-2025-9907 — Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructur…

| Information Disclosure
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
5.0 MEDIUM
CVE-2025-9572 — Foreman: satellite: graphql api permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the Grap…

satellite | Remote | Authorization
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.3 MEDIUM
CVE-2025-13327 — Uv: uv: specially crafted zip archives lead to arbitrary code execution due to parsing di…

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that …

| Supply Chain
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.1 MEDIUM
CVE-2026-3302 — SourceCodester Doctor Appointment System Sign Up register.php cross site scripting

A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing…

doctor_appointment_system | Remote | Cross-Site Scripting
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
5.1 MEDIUM
CVE-2025-15567 — Apache OpenAM Information Disclosure

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.

| Information Disclosure
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
7.1 HIGH
CVE-2025-15509 — Apache SmartRemote URL Loading Information Leak Vulnerability

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Remote | Information Disclosure
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.4 MEDIUM
CVE-2025-14149 — Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored …

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and inc…

Remote | Cross-Site Scripting
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
6.4 MEDIUM
CVE-2025-14040 — Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+)…

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. Th…

Remote | Cross-Site Scripting
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2025-12981 — Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user reg…

Remote | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
10.0 HIGH
CVE-2026-3301 — Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection

A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Manageme…

n300rh_firmware n300rh | Remote | Injection
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
4.8 MEDIUM
CVE-2026-3293 — snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlann…

snowflake_jdbc | Denial of Service
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
7.4 HIGH
CVE-2026-28372 — Telnetd in GNU inetutils Privilege Escalation Vulnerability

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.4…

inetutils | Authentication
Feb 27, 2026 Feb 27, 2026
Feb 27, 2026
Feb 27, 2026
Showing 20 of 4749 Results