Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NA
    CVE-2026-27148

    Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable ...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting
  • 0.0

    NA
    CVE-2026-27819

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A ...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal
  • 0.0

    NA
    CVE-2026-27616

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as <script> t...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting
  • 0.0

    NA
    CVE-2026-27575

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain valid a...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authentication
  • 0.0

    NA
    CVE-2026-27116

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rendered into the DOM without output encoding when the user ...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting
  • 0.0

    NA
    CVE-2026-26985

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated us...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal
  • 0.0

    NA
    CVE-2026-2694

    The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all versions up to, and including, 6.15.16. This makes it p...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2026-3200

    A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. T...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection
  • 8.1

    HIGH
    CVE-2026-3172

    Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server....
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2026-2845

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoi...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Denial of Service
  • 5.0

    MEDIUM
    CVE-2026-27015

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client v...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2026-26965

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYD...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2026-26955

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surfac...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-26271

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is rea...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
  • 5.5

    MEDIUM
    CVE-2026-25997

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) f...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25959

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which conve...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25955

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->d...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25954

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` hash t...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25953

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime p...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25952

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from...
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4934 Results