Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-68277

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior co... Read more

    Affected Products : openemr
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-67752

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`... Read more

    Affected Products : openemr
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-3137

    A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environ... Read more

    Affected Products : food_ordering_system
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-3135

    A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack... Read more

    Affected Products : news_portal_project
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-67491

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is... Read more

    Affected Products : openemr
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2026-25701

    An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up i... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-14742

    The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for a... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2026-3171

    A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross s... Read more

    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2026-2479

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validation instead of strict host comparison... Read more

    Affected Products : responsive_lightbox
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-11563

    URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.... Read more

    Affected Products : curl
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2026-3167

    A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. T... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2026-3179

    The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files out... Read more

    Affected Products : data_master
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2026-3168

    A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-3166

    A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-3153

    A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The ... Read more

    Affected Products : document_management_system
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-3151

    A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-25785

    Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-3164

    A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remote... Read more

    Affected Products : news_portal_project
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-3149

    A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument course_code can lead to sql i... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-27624

    Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 25, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4866 Results