CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2025-1242 Administrative Credentials Can Be Extracted Through Gardyn API Responses 25.02.2026 9.3
CVE-2026-27702 Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) 25.02.2026 9.9
CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method 25.02.2026 9.1
CVE-2026-2624 Authentication Bypass in ePati's Antikor NGFW 25.02.2026 9.8
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern 25.02.2026 9.9
CVE-2026-25785 25.02.2026 9.3
CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM. 25.02.2026 9.2
CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape 25.02.2026 10
CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover 25.02.2026 9.8
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection 25.02.2026 9.8
CVE-2026-27743 SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection 25.02.2026 9.3
CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE 25.02.2026 9.3
CVE-2026-27595 Parse Dashboard has incomplete authentication on AI Agent endpoint 25.02.2026 9.9
CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint 25.02.2026 9.3
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering 25.02.2026 9.3
CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks 25.02.2026 10
CVE-2026-27822 Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover 25.02.2026 9.1
CVE-2026-24849 OpenEMR Arbitrary File Read Vulnerability 25.02.2026 10
CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection 24.02.2026 9.3
CVE-2026-21410 InSAT MasterSCADA BUK-TS SQL Injection 24.02.2026 9.3
CVE-2026-22553 InSAT MasterSCADA BUK-TS OS Command Injection 24.02.2026 9.3
CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials 24.02.2026 9.3
CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE 24.02.2026 10
CVE-2026-27507 Binardat 10G08-0800GSM Network Switch Hard-coded Credentials 24.02.2026 9.3
CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers 24.02.2026 9.3
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints 24.02.2026 9.2
CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution 24.02.2026 9.2
CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU 24.02.2026 9.3
CVE-2025-11165 24.02.2026 9.4
CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability 25.02.2026 9.1
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability 25.02.2026 9.1
CVE-2025-40539 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability 25.02.2026 9.1
CVE-2025-40540 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability 25.02.2026 9.1
CVE-2025-13942 25.02.2026 9.8
CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max() 24.02.2026 9.8
CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint 25.02.2026 9.3
CVE-2025-41002 SQL injection in Infoticketing 24.02.2026 9.3
CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System 23.02.2026 9.8
CVE-2026-27574 OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE 24.02.2026 10
CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer 24.02.2026 9.2
CVE-2026-27471 ERP: Document access through endpoints due to missing validation 24.02.2026 9.3
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse 21.02.2026 9.1
CVE-2026-27212 Swiper has a Prototype Pollution Vulnerability 24.02.2026 9.4
CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking 24.02.2026 9.1
CVE-2019-25441 thesystem 1.0 Command Injection via run_command endpoint 24.02.2026 9.3
CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability 24.02.2026 9.8
CVE-2026-27112 Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints 24.02.2026 9.4
CVE-2026-25896 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names 23.02.2026 9.3
CVE-2021-35402 23.02.2026 10
CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 20.02.2026 9.2
CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements 20.02.2026 9.8
CVE-2026-21627 Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla 23.02.2026 9.5
CVE-2025-10970 SQLi in Kolay Software's Talentics 20.02.2026 9.8
CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution 20.02.2026 9.3
CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution 20.02.2026 9.3
CVE-2026-26980 Ghost has a SQL Injection in its Content API 20.02.2026 9.4
CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream 20.02.2026 9.3
CVE-2025-30410 21.02.2026 9.8
CVE-2025-30411 21.02.2026 10
CVE-2025-30412 21.02.2026 10
CVE-2025-30416 21.02.2026 10
CVE-2026-27476 RustFly 2.0.0 Command Injection via UDP Remote Control 20.02.2026 9.3
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization 20.02.2026 9.2
CVE-2026-2409 20.02.2026 9.3
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE 20.02.2026 9.3
CVE-2026-24834 Kata Container to Guest micro VM privilege escalation 21.02.2026 9.4
CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization 20.02.2026 9.2
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution 20.02.2026 10
CVE-2025-71243 SPIP Saisies Plugin < 5.11.1 Remote Code Execution 19.02.2026 9.3
CVE-2025-9953 SQLi in Database Software's Databank Accreditation Software 20.02.2026 9.8
CVE-2025-8350 Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS 20.02.2026 9.8
CVE-2025-12107 Potential authenticated Server-Side Template Injection (SSTI) vulnerability. 20.02.2026 10
CVE-2025-13590 Authenticated arbitrary file upload via a System REST API requiring administrator permission. 20.02.2026 9.1
CVE-2026-1994 s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover 19.02.2026 9.8
CVE-2026-2731 Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8 19.02.2026 10
CVE-2025-13563 Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation 24.02.2026 9.8
CVE-2025-13851 Buyent Theme (with Buyent Classified Plugin) <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration 19.02.2026 9.8
CVE-2026-0926 Prodigy Commerce <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] 19.02.2026 9.8
CVE-2026-1405 Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload 19.02.2026 9.8
CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation 19.02.2026 9.8
CVE-2025-15586 24.02.2026 10
CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection 24.02.2026 9.3
CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning 19.02.2026 9.1
CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow 19.02.2026 9.3
CVE-2019-25364 Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow 19.02.2026 9.3
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval 18.02.2026 9.3
CVE-2026-27175 MajorDoMo Command Injection in rc/index.php via Race Condition 18.02.2026 9.2
CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning 20.02.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2025-1242 Administrative Credentials Can Be Extracted Through Gardyn API Responses 25.02.2026
CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo 25.02.2026 8.2
CVE-2026-27701 LiveCodes vulnerable to JavaScript Injection via untrusted PR title in i18n-update-pull workflow 25.02.2026
CVE-2026-27702 Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) 25.02.2026 9.9
CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction 25.02.2026
CVE-2026-27846 Missing authentication in Linksys MR9600, Linksys MX4200 25.02.2026
CVE-2026-27847 Missing authentication in Linksys MR9600, Linksys MX4200 25.02.2026
CVE-2026-27848 Missing neutralization in Linksys MR9600, Linksys MX4200 25.02.2026
CVE-2026-3206 Improper management of context cancelations 25.02.2026
CVE-2026-27692 iccDEV has HBO in CIccTagTextDescription::Release() 25.02.2026 7.1
CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service 25.02.2026 4.3
CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method 25.02.2026 9.1
CVE-2026-2878 Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX 25.02.2026 5.3
CVE-2026-27691 iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218 25.02.2026 6.2
CVE-2026-3187 feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload 25.02.2026
CVE-2026-3201 Improperly Controlled Sequential Memory Allocation in Wireshark 25.02.2026 4.7
CVE-2026-3202 NULL Pointer Dereference in Wireshark 25.02.2026 4.7
CVE-2026-3203 Buffer Over-read in Wireshark 25.02.2026 5.5
CVE-2026-3197 25.02.2026
CVE-2026-3185 feiyuchuixue sz-boot-parent API Endpoint sys-message authorization 25.02.2026
CVE-2026-3186 feiyuchuixue sz-boot-parent Password Reset password default password 25.02.2026
CVE-2026-28193 25.02.2026 8.8
CVE-2026-28194 25.02.2026 4.3
CVE-2026-28195 25.02.2026 4.3
CVE-2026-28196 25.02.2026 2.3
CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name 25.02.2026 2.6
CVE-2026-2624 Authentication Bypass in ePati's Antikor NGFW 25.02.2026 9.8
CVE-2026-0704 25.02.2026
CVE-2026-3118 Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin 25.02.2026
CVE-2026-25701 25.02.2026
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern 25.02.2026 9.9
CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command 25.02.2026 8.3
CVE-2026-26104 Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api 25.02.2026
CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments 25.02.2026 3.8
CVE-2026-26103 Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api 25.02.2026
CVE-2025-14742 WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure 25.02.2026 4.3
CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter 25.02.2026 4.3
CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute 25.02.2026 6.4
CVE-2026-2410 Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update 25.02.2026 4.3
CVE-2026-3171 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting 25.02.2026
CVE-2026-1916 WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token 25.02.2026 7.5
CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter 25.02.2026 8.8
CVE-2026-2416 Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter 25.02.2026 7.5
CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload 25.02.2026 5
CVE-2026-3170 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System patient-search.php cross site scripting 25.02.2026
CVE-2026-3169 Tenda F453 httpd SafeEmailFilter fromSafeEmailFilter buffer overflow 25.02.2026
CVE-2025-11563 wcurl path traversal with percent-encoded slashes 25.02.2026
CVE-2026-1614 Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes 25.02.2026 6.4
CVE-2026-3167 Tenda F453 httpd webtypelibrary formWebTypeLibrary buffer overflow 25.02.2026
CVE-2026-3168 Tenda F453 httpd NatStaticSetting fromNatStaticSetting buffer overflow 25.02.2026
CVE-2026-3166 Tenda F453 httpd RouteStatic fromRouteStatic buffer overflow 25.02.2026
CVE-2026-25785 25.02.2026
CVE-2026-3100 An improper certificate validation vulnerability was found in the FTP Backup on the ADM. 25.02.2026
CVE-2026-3164 itsourcecode News Portal Project contactus.php sql injection 25.02.2026
CVE-2026-3165 Tenda F453 httpd AdvSetWrlsafeset fromSetWifiGusetBasic buffer overflow 25.02.2026
CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM. 25.02.2026
CVE-2026-3153 itsourcecode Document Management System register.php sql injection 25.02.2026
CVE-2026-3163 SourceCodester Website Link Extractor URL file_get_contents server-side request forgery 25.02.2026
CVE-2026-3151 itsourcecode College Management System login.php sql injection 25.02.2026
CVE-2026-3152 itsourcecode College Management System teacher-salary.php sql injection 25.02.2026
CVE-2025-0976 Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager 25.02.2026 4.7
CVE-2026-27624 Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL 25.02.2026 7.2
CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response 25.02.2026 6.1
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs 25.02.2026 8.6
CVE-2026-3148 SourceCodester Simple and Nice Shopping Cart Script signup.php sql injection 25.02.2026
CVE-2026-3149 itsourcecode College Management System asign-single-student-subjects.php sql injection 25.02.2026
CVE-2026-3150 itsourcecode College Management System display-teacher.php sql injection 25.02.2026
CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape 25.02.2026 10
CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS 25.02.2026 8.2
CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache 25.02.2026 8.8
CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover 25.02.2026 9.8
CVE-2026-27639 Mercator vulnerable to stored XSS via unescaped Blade directives in display templates 25.02.2026
CVE-2026-27640 tfplan2md has Sensitive Value Exposure in Generated Reports 25.02.2026
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection 25.02.2026 9.8
CVE-2026-27743 SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection 25.02.2026
CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE 25.02.2026
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE 25.02.2026
CVE-2026-27746 SPIP jeux < 4.1.1 Reflected XSS via index Parameters 25.02.2026
CVE-2026-27747 SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection 25.02.2026
CVE-2026-3147 libvips csvload.c vips_foreign_load_csv_build heap-based overflow 25.02.2026
CVE-2025-5781 Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager 25.02.2026 5.2
CVE-2026-25135 OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information 25.02.2026 4.5
CVE-2026-27595 Parse Dashboard has incomplete authentication on AI Agent endpoint 25.02.2026
CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal 25.02.2026
CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write 25.02.2026 8.1
CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint 25.02.2026
CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint 25.02.2026
CVE-2026-27610 Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions 25.02.2026
CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links 25.02.2026
CVE-2026-27612 Repostat Vulnerable to Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard 25.02.2026 6.1
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering 25.02.2026 9.3
CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE) 25.02.2026
CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload 25.02.2026
CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks 25.02.2026 10
CVE-2026-27628 pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams 25.02.2026
CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI) 25.02.2026 5.9
CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF) 25.02.2026 2.6
CVE-2026-27822 Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover 25.02.2026 9.1
CVE-2026-3145 libvips matrixload.c vips_foreign_load_matrix_header memory corruption 25.02.2026
CVE-2026-3146 libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference 25.02.2026
CVE-2025-69231 OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation 25.02.2026 8.7
CVE-2026-21443 OpenEMR allows inconsistent escaping of translation function output 25.02.2026
CVE-2026-24847 OpenEMR has Open Redirect in Eye Exam Form 25.02.2026 6.1
CVE-2026-24849 OpenEMR Arbitrary File Read Vulnerability 25.02.2026 10
CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs 25.02.2026 6.5
CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export 25.02.2026 6.5
CVE-2026-25127 OpenEMR has Broken Access Control on Care Coordination Module 25.02.2026
CVE-2026-25131 OpenEMR has Broken Access Control in Procedures Configuration 25.02.2026 8.8
CVE-2026-2914 25.02.2026
CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client 25.02.2026 8.1
CVE-2025-68277 OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal 25.02.2026
CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper 25.02.2026
CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory 25.02.2026
CVE-2026-3135 itsourcecode News Portal Project add-category.php sql injection 25.02.2026
CVE-2026-3137 CodeAstro Food Ordering System food_ordering.exe stack-based overflow 25.02.2026
CVE-2026-3133 itsourcecode Document Management System Login loging.php sql injection 24.02.2026
CVE-2026-3134 itsourcecode News Portal Project edit-category.php sql injection 24.02.2026
CVE-2026-26351 GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php 24.02.2026
CVE-2026-27117 bit7z has a path traversal vulnerability 24.02.2026 5.5
CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection 24.02.2026 9.3
CVE-2026-27204 Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion 24.02.2026
CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance 24.02.2026
CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows 24.02.2026
CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation 24.02.2026 7.5
CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future 24.02.2026
CVE-2026-21410 InSAT MasterSCADA BUK-TS SQL Injection 24.02.2026 9.8
CVE-2026-22553 InSAT MasterSCADA BUK-TS OS Command Injection 24.02.2026 9.8
CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow 24.02.2026