Latest CVE Feed
-
8.3
HIGH CVE-2026-28216
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. `user-environments.resolver.ts:82-109`, `updateUserEnvironment` mutation uses `@Use...
Affected Products : hoppscotch
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2026-28217
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containi...
Affected Products : hoppscotch
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
-
9.0
HIGH CVE-2026-3272
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack i...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGH CVE-2026-3273
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGH CVE-2026-3274
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is pos...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGH CVE-2026-3275
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed ...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
8.1
HIGH CVE-2026-25136
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39....
Affected Products : rucio
- Published: Feb. 25, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Cross-Site Scripting
-
10.0
HIGH CVE-2026-3301
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument ...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
-
6.1
MEDIUM CVE-2026-3302
A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross ...
Affected Products : doctor_appointment_system
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Cross-Site Scripting
-
8.8
HIGH CVE-2019-25460
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malici...
- Published: Feb. 22, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2019-25362
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a...
Affected Products : wmv_to_avi_mpeg_dvd_wmv_convertor
- Published: Feb. 18, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUM CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origin...
Affected Products :
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
-
8.3
HIGH CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection. This issue affects Centreon Web on Central Server ...
Affected Products :
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2026-27966
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a...
Affected Products : langflow
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
-
4.3
MEDIUM CVE-2026-27327
Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayMail – WooCommerce Email Customizer: from n/a through <= 4.3.2....
Affected Products :
- Published: Feb. 19, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
-
5.4
MEDIUM CVE-2026-25422
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery. This issue affects Popularis Extra: from n/a through <= 1.2.10....
Affected Products : popularis_extra
- Published: Feb. 19, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUM CVE-2026-25323
Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OSM: from n/a through <= 6.1.12....
Affected Products :
- Published: Feb. 19, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2026-24984
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Link Preview: from n/a through <= 2.2.9....
Affected Products : visual_link_preview
- Published: Feb. 03, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
-
8.1
HIGH CVE-2026-23750
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, t...
Affected Products :
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
-
2.9
LOW CVE-2026-23749
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contains an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MA...
Affected Products :
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption