Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is listed as actively exploited in the CISA Known Exploited Vulnerabilities (KEV) catalog, or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2026-2391

    The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to th...

    Affected Products : qs
    • Published: Feb. 12, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
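As an added illustration for this entry (not qs's source, and not a description of how qs is implemented), the following is a deliberately small query-string parser that shows the bug class: an element limit that is checked per key=value pair and is bypassed when a single value expands into many elements. The limit of 20, the throw-on-excess behaviour and the function names are assumptions for the example; a real parser may instead degrade to an object or truncate, and the entry does not say which.

```javascript
// Added example: a deliberately simplified query-string parser that models the
// bug class in this entry. It is not the qs implementation; names and the
// limit value are assumptions for the illustration.
const ARRAY_LIMIT = 20; // assumed limit for the example

// Split "a=1&b[]=2" into [key, value] pairs; a "[]" suffix is folded into the key.
function splitPairs(query) {
  return query.split('&').filter(Boolean).map((pair) => {
    const i = pair.indexOf('=');
    const key = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
    const value = i < 0 ? '' : decodeURIComponent(pair.slice(i + 1));
    return [key.replace(/\[\]$/, ''), value];
  });
}

// Bypassable variant: the element limit is checked per incoming pair, but a
// comma-separated value is expanded *after* that check, so one pair can add
// thousands of elements while never tripping the bound.
function parseQueryBypassable(query, { comma = false, arrayLimit = ARRAY_LIMIT } = {}) {
  const out = Object.create(null);
  for (const [key, value] of splitPairs(query)) {
    const current = out[key] === undefined ? [] : out[key];
    if (current.length >= arrayLimit) {
      throw new RangeError(`array limit ${arrayLimit} exceeded for "${key}"`);
    }
    const elements = comma ? value.split(',') : [value]; // expansion after the check
    out[key] = current.concat(elements);
  }
  return out;
}

// Fixed variant: expand first, then enforce the limit on the resulting count,
// so repeated keys and comma lists are bounded by the same number.
function parseQueryFixed(query, { comma = false, arrayLimit = ARRAY_LIMIT } = {}) {
  const out = Object.create(null);
  for (const [key, value] of splitPairs(query)) {
    const current = out[key] === undefined ? [] : out[key];
    const elements = comma ? value.split(',') : [value];
    if (current.length + elements.length > arrayLimit) {
      throw new RangeError(`array limit ${arrayLimit} exceeded for "${key}"`);
    }
    out[key] = current.concat(elements);
  }
  return out;
}

// Constructed inputs: the repeated-key form the limit was designed for, and the
// single-pair comma form that slips past the bypassable check.
function repeatedKeyPayload(n) {
  return Array.from({ length: n }, (_, i) => `ids=${i}`).join('&');
}
function commaPayload(n) {
  return 'ids=' + Array.from({ length: n }, (_, i) => i).join(',');
}
```

The point is where the count is checked relative to the expansion, not the particular limit: whichever option multiplies elements (comma splitting here, bracket indices or nested keys elsewhere) has to feed the same bound, and a per-key bound still leaves the total request size to be capped by a query-length or body-size limit upstream.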
  • 7.5

    HIGH
    CVE-2026-3026

    A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side reques...

    Affected Products : jeewms
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery
  • 9.0

    HIGH
    CVE-2026-2086

    A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o...

    Affected Products : 810g_firmware 810g
    • Published: Feb. 07, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 8.3

    HIGH
    CVE-2026-2980

    A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been...

    Affected Products : 810g_firmware 810g
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2026-3027

    A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The ...

    Affected Products : jeewms
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 9.0

    HIGH
    CVE-2026-2981

    A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The ex...

    Affected Products : 810g_firmware 810g
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2026-3015

    A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remote...

    Affected Products : 810g_firmware 810g
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2026-26316

    OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when t...

    Affected Products : openclaw
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication
  • 7.1

    HIGH
    CVE-2025-15313

    Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.

    Affected Products : endpoint_euss euss
    • Published: Feb. 10, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2025-15310

    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.

    • Published: Feb. 10, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-25957

    Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13...

    Affected Products : cube.js
    • Published: Feb. 09, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2026-26223

    SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.6

    HIGH
    CVE-2026-26345

    SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately sanitize user-controlled content, allowing authenticate...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2026-24846

    malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a s...

    Affected Products : malcontent
    • Published: Jan. 29, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Supply Chain
  • 7.5

    HIGH
    CVE-2025-62599

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sen...

    Affected Products : debian_linux fast_dds
    • Published: Feb. 03, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2026-27472

    SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker ...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Server-Side Request Forgery
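The check this entry, and the JEEWMS `getRemoteImage.jsp` entry above, both lack, as an added example that is neither SPIP's nor JEEWMS's code: static validation of a user-supplied URL before the server fetches it. It relies on the WHATWG `URL` class available in Node.js to normalise host spellings; the function names, the returned object shape and the list of blocked ranges are assumptions for the example.

```javascript
// Added example: static validation of a user-supplied fetch URL, modelling the
// "is this a valid remote URL" check this entry says was missing. It is not SPIP
// (or JEEWMS) code; function names and the return shape are assumptions.
const BLOCKED_V4 = [
  ['0.0.0.0', 8, 'unspecified'],
  ['10.0.0.0', 8, 'private'],
  ['100.64.0.0', 10, 'private'],     // carrier-grade NAT
  ['127.0.0.0', 8, 'loopback'],
  ['169.254.0.0', 16, 'link-local'], // includes cloud metadata endpoints
  ['172.16.0.0', 12, 'private'],
  ['192.168.0.0', 16, 'private'],
  ['224.0.0.0', 4, 'multicast'],
  ['240.0.0.0', 4, 'reserved'],
];

// Dotted-quad only: the WHATWG URL parser already normalises decimal, octal
// and hex spellings (e.g. 2130706433, 0x7f.1) to this form before we see them.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function classifyIPv4(ip) {
  for (const [base, bits, label] of BLOCKED_V4) {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    if (((ip & mask) >>> 0) === ((parseIPv4(base) & mask) >>> 0)) return label;
  }
  return 'public';
}

function classifyIPv6(h) {
  if (h === '::1') return 'loopback';
  if (h === '::') return 'unspecified';
  // IPv4-mapped addresses in dotted or hex spelling (the URL parser emits hex).
  let m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h);
  if (m) { const v4 = parseIPv4(m[1]); return v4 === null ? 'reserved' : classifyIPv4(v4); }
  m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  if (m) return classifyIPv4(((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0);
  const first = parseInt(h.split(':')[0] || '0', 16);
  if (first >= 0xfe80 && first <= 0xfebf) return 'link-local';
  if ((first & 0xfe00) === 0xfc00) return 'private';   // fc00::/7 unique local
  if ((first & 0xff00) === 0xff00) return 'multicast';
  return 'public';
}

// 'name' means the address is unknown until DNS answers: the caller must
// classify the resolved address again at connect time and connect to exactly
// that address, otherwise a rebinding name defeats this check.
function classifyHost(hostname) {
  const host = hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return 'loopback';
  if (host.startsWith('[') && host.endsWith(']')) return classifyIPv6(host.slice(1, -1));
  const v4 = parseIPv4(host);
  return v4 === null ? 'name' : classifyIPv4(v4);
}

function validateRemoteUrl(raw) {
  let url;
  try { url = new URL(raw); } catch (err) { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme ' + url.protocol };
  }
  if (url.hostname === '') return { ok: false, reason: 'empty host' };
  const cls = classifyHost(url.hostname);
  if (cls !== 'public' && cls !== 'name') return { ok: false, reason: cls + ' address' };
  return { ok: true, href: url.href, host: url.hostname, resolveAndRecheck: cls === 'name' };
}
```

This is only the static half. A hostname that passes as a name has to be resolved and the resulting address classified again immediately before connecting, with the connection pinned to that address and every redirect re-validated the same way; otherwise DNS rebinding, or a redirect from a public host to an internal one, turns a blind SSRF into a useful one.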
  • 6.4

    MEDIUM
    CVE-2026-27473

    SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inje...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2026-27474

    SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 9.2

    CRITICAL
    CVE-2026-27475

    SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or ano...

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure
  • 2.7

    LOW
    CVE-2026-23859

    Dell Wyse Management Suite, versions prior to WMS 5.5, contains a Client-Side Enforcement of Server-Side Security vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to a protection mechanism bypass.

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4806 Results