Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-2782

    Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-2780

    Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-2776

    Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2026-2775

    Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-2771

    Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2770

    Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2768

    Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-2766

    Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2765

    Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-2764

    JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.... Read more

    Affected Products : firefox firefox_esr
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-27468

    Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/conte... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2026-25603

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2026-27586

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, ... Read more

    Affected Products : caddy
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2026-27517

    Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2026-27590

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This... Read more

    Affected Products : caddy
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2024-48928

    Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to b... Read more

    Affected Products : piwigo
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.7

    HIGH
    CVE-2026-27587

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences (`%xx`) it compares against the ... Read more

    Affected Products : caddy
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-13776

    Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has bee... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2026-27519

    Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality pr... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2026-23678

    Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostna... Read more

    Affected Products :
    • Published: Feb. 24, 2026
    • Modified: Feb. 24, 2026
    • Vuln Type: Injection
Showing 20 of 4818 Results