Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2026-3101

    A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and co...

    Affected Products : tip_635g_firmware tip_635g
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2026-3102

    A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command in...

    Affected Products : macos exiftool
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
  • 9.8

    CRITICAL
    CVE-2026-2964

    A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of obj...

    Affected Products : webaudiorecorder.js
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration
  • 4.6

    MEDIUM
    CVE-2025-11563

    URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool....

    Affected Products : curl wcurl
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-70044

    An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3....

    Affected Products : utools-quickcommand
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration
  • 7.4

    HIGH
    CVE-2025-70045

    An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true...

    Affected Products : jxm
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Misconfiguration
  • 7.4

    HIGH
    CVE-2025-70058

    An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

    Affected Products : yapi
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2026-26464

    Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can ...

    Affected Products : society_management_system_portal
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 4.0

    MEDIUM
    CVE-2025-61146

    saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c....

    Affected Products : libsixel
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 4.9

    MEDIUM
    CVE-2026-0399

    Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in an API endpoint....

    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-27152

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via `Chat::AddUsersToChannel` — a user could add targets who have blocked/ignored/muted them to an...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-27567

    Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient ...

    Affected Products : payload
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Server-Side Request Forgery
  • 0.0

    NA
    CVE-2026-27162

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `posts_nearby` was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. U...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2026-27568

    WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing `javascript:` URIs to be rendered ...

    Affected Products : avideo
    • Published: Feb. 24, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2026-0805

    An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal....

    Affected Products : crafty_controller
    • Published: Jan. 30, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal
  • 0.0

    NA
    CVE-2026-27151

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_posts?` on the source topic but never validated write permissions on the destination topic. This allowed T...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2026-27150

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `QueryGroupBookmarkable` allows any logged-in user to create bookmarks for query groups...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 9.9

    CRITICAL
    CVE-2026-0963

    An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal....

    Affected Products : crafty_controller
    • Published: Jan. 30, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal
  • 0.0

    NA
    CVE-2026-27149

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering (`list_private_messages_tag`) allows bypassing tag filter conditions, potentially disclosing unauthorized private messa...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2026-27021

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2...

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization