This page offers a live ATOM feed of the latest CVEs and Vulnerabilities from cvefeed.io. HIGH or CRITICAL
- CVE-2025-8572 - Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration
- CVE-2026-1306 - midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action
- CVE-2026-2144 - Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage
- CVE-2026-24853 - Caido has an insufficient patch for DNS rebind leading to RCE
- CVE-2026-26273 - Known affected by Account Takeover via Password Reset Token Leakage
- CVE-2025-15157 - Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
- CVE-2026-26333 - Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE
- CVE-2026-2441 - Google Chrome Use After Free Vulnerability in CSS
- CVE-2026-26187 - lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
- CVE-2025-69770 - MojoPortal CMS Zip Slip Remote Command Execution Vulnerability
- CVE-2026-26268 - Cursor sandbox escape via Git hooks
- CVE-2026-26221 - Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE
- CVE-2026-1619 - IDOR in Universal Sotware's FlexCity/Kiosk
- CVE-2025-14349 - Business Logic Error in Universal Software's FlexCity/Kiosk
- CVE-2026-25108 - FileZen OS Command Injection Vulnerability
- CVE-2020-37167 - ClamAV ClamBC <= 0.102.0 - 'ClamBC' Executable Regular Expression Error
- CVE-2019-25336 - SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
- CVE-2019-25332 - FTP Commander Pro 8.03 - Local Stack Overflow