Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-2099 — Flowring|AgentFlow - Stored Cross-Site Scripting

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upo…

agentflow | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
6.1 MEDIUM
CVE-2026-2098 — Flowring|AgentFlow - Reflected Cross-site Scripting

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing …

agentflow | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
8.8 HIGH
CVE-2026-2097 — Flowring|Agentflow - Arbitrary File Upload

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code executio…

agentflow | Remote | Authentication
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
9.8 CRITICAL
CVE-2026-2096 — Flowring|Agentflow - Missing Authenticaton

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

agentflow | Remote | Authentication
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
9.8 CRITICAL
CVE-2026-2095 — Flowring|Agentflow - Authentication Bypass

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token…

agentflow | Remote | Authentication
Feb 10, 2026 Feb 13, 2026
Feb 10, 2026
Feb 13, 2026
8.8 HIGH
CVE-2026-2094 — Flowring|Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Remote | Injection
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
8.7 HIGH
CVE-2026-2093 — Flowring|Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Remote | Injection
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
5.7 MEDIUM
CVE-2025-12063 — Apache Data Object Reference Bypass

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.

camera_station_pro axis_camera_station_pro | Authorization
Feb 10, 2026 Feb 17, 2026
Feb 10, 2026
Feb 17, 2026
6.4 MEDIUM
CVE-2026-0996 — Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI F…

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authoriz…

contact_form | Remote | Cross-Site Scripting
Feb 10, 2026 Feb 10, 2026
Feb 10, 2026
Feb 10, 2026
4.5 MEDIUM
CVE-2025-13064 — Apache HTTP Server Cross-Site Scripting (XSS)

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses …

camera_station_pro axis_camera_station_pro | Injection
Feb 10, 2026 Feb 17, 2026
Feb 10, 2026
Feb 17, 2026
4.6 MEDIUM
CVE-2025-12757 — AXIS Camera Station Pro Information Disclosure

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.

camera_station_pro axis_camera_station_pro | Authorization
Feb 10, 2026 Feb 17, 2026
Feb 10, 2026
Feb 17, 2026
7.8 HIGH
CVE-2025-11547 — AXIS Camera Station Pro Privilege Escalation Vulnerability

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

camera_station_pro axis_camera_station_pro | Authorization
Feb 10, 2026 Feb 17, 2026
Feb 10, 2026
Feb 17, 2026
8.8 HIGH
CVE-2025-11142 — VAPIX API Mediaclip.cgi Remote Code Execution Vulnerability

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or ad…

axis_os axis_os | Remote | Injection
Feb 10, 2026 Feb 28, 2026
Feb 10, 2026
Feb 28, 2026
Showing 20 of 5513 Results