Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2025-46320

    A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2026-26351

    GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2026-27205

    Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerabili... Read more

    Affected Products : flask
    • Published: Feb. 21, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2026-21420

    Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalatio... Read more

    Affected Products : repository_manager
    • Published: Feb. 23, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Path Traversal
  • 5.3

    MEDIUM
    CVE-2026-23969

    Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability... Read more

    Affected Products : superset
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2026-3131

    Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2026-26342

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token ... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2026-23980

    Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue ... Read more

    Affected Products : superset
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2026-2805

    Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2803

    Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure
  • 0.0

    NA
    CVE-2026-2797

    Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2795

    Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.... Read more

    Affected Products : firefox
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2788

    Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2781

    Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2774

    Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2772

    Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-2761

    Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2026-2757

    Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2026-27156

    NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgGrid.run_grid_method()`, `EChart.run_chart_method()`, and others) use an `eval()` fallback in the... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-62512

    Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4817 Results