Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2026-27015

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client v... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2026-26265

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in ... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 2.3

    LOW
    CVE-2026-26228

    VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured ... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2026-26207

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `discourse-policy` plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The `PolicyController` lo... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2026-26078

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the `patreon_webhook_secret` site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as ... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2026-25959

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which conve... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25955

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->d... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25954

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` hash t... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25953

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime p... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2026-25952

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from... Read more

    Affected Products : freerdp
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2026-25736

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2026-25735

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2026-25734

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 7.3

    HIGH
    CVE-2026-25733

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in ... Read more

    Affected Products :
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2026-22719

    VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migr... Read more

    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-71057

    Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.... Read more

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
  • 8.7

    HIGH
    CVE-2026-25649

    Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The `redir... Read more

    Affected Products : traccar
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2026-20127

    A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain admi... Read more

    • Actively Exploited
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2026-3040

    A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command... Read more

    Affected Products : vigor300b_firmware vigor300b
    • Published: Feb. 23, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2026-27637

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predictable authentication token computed as `MD5(user_id + created_at + APP_KEY)`. This token is static... Read more

    Affected Products : freescout
    • Published: Feb. 25, 2026
    • Modified: Feb. 26, 2026
    • Vuln Type: Authentication
Showing 20 of 4892 Results