Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NA
    CVE-2026-3277

    The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the O...

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2026-2750

    Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04....

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 9.9

    CRITICAL
    CVE-2026-2749

    Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7....

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2026-2359

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion....

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2026-27831

    rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue....

    Affected Products :
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 9.1

    CRITICAL
    CVE-2025-71056

    Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user....

    Affected Products :
    • Published: Feb. 23, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2019-25312

    InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, p...

    Affected Products : inoerp
    • Published: Feb. 11, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2020-37196

    Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registratio...

    Affected Products : domain_name_search_software
    • Published: Feb. 11, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2019-25346

    TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potential...

    Affected Products : password_management_application
    • Published: Feb. 12, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2026-25963

    Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the sa...

    Affected Products : fleet
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2026-27798

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise...

    Affected Products : imagemagick magick.net
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 4.4

    MEDIUM
    CVE-2026-27799

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer...

    Affected Products : imagemagick magick.net
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2019-25347

    thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to use...

    Affected Products : password_management_application
    • Published: Feb. 12, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2026-28215

    hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP setting...

    Affected Products : hoppscotch
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2026-28216

    hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. `user-environments.resolver.ts:82-109`, `updateUserEnvironment` mutation uses `@Use...

    Affected Products : hoppscotch
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-28217

    hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containi...

    Affected Products : hoppscotch
    • Published: Feb. 26, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authorization
  • 9.0

    HIGH
    CVE-2026-3272

    A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack i...

    Affected Products : f453_firmware f453
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2026-3273

    A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The...

    Affected Products : f453_firmware f453
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2026-3274

    A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is pos...

    Affected Products : f453_firmware f453
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2026-3275

    A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed ...

    Affected Products : f453_firmware f453
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4904 Results