🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-26935 | Medium | 6.5 |
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Servi…
|
— | Feb 26, 2026 |
| CVE-2026-26937 | Medium | 6.5 |
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Dat…
|
— | Feb 26, 2026 |
| CVE-2026-27149 | Medium | 6.5 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in P…
|
— | Feb 26, 2026 |
| CVE-2026-27465 | Medium | 6.5 |
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration A…
|
— | Feb 26, 2026 |
| CVE-2026-28083 | Medium | 6.5 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome…
|
— | Feb 26, 2026 |
| CVE-2026-28131 | Medium | 6.5 |
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-e…
|
— | Feb 26, 2026 |
| CVE-2026-3262 | Medium | 6.3 |
A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is…
|
⚡ Exploit | Feb 26, 2026 |
| CVE-2026-3263 | Medium | 6.3 |
A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this…
|
⚡ Exploit | Feb 26, 2026 |
| CVE-2026-22722 | Medium | 6.1 |
A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null poi…
|
— | Feb 26, 2026 |
| CVE-2026-2677 | Medium | 6.1 |
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer…
|
— | Feb 26, 2026 |
| CVE-2026-2678 | Medium | 6.1 |
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura…
|
— | Feb 26, 2026 |
| CVE-2026-2679 | Medium | 6.1 |
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolte…
|
— | Feb 26, 2026 |
| CVE-2026-2680 | Medium | 6.1 |
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.…
|
— | Feb 26, 2026 |
| CVE-2026-27154 | Medium | 6.1 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name c…
|
— | Feb 26, 2026 |
| CVE-2026-22715 | Medium | 5.9 |
VMWare Workstation and Fusion contain a logic flaw in the management of network packets.
Known attack vectors: A malic…
|
— | Feb 26, 2026 |
| CVE-2026-28208 | Medium | 5.9 |
Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-26932 | Medium | 5.7 |
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service …
|
— | Feb 26, 2026 |
| CVE-2026-23999 | Medium | 5.5 |
Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs …
|
— | Feb 26, 2026 |
| CVE-2025-56605 | Medium | 5.4 |
A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event M…
|
— | Feb 26, 2026 |
| CVE-2025-64999 | Medium | 5.4 |
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker…
|
— | Feb 26, 2026 |