🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-27509 | High | 8.0 |
Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorizati…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-23703 | High | 7.8 |
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability.…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-25191 | High | 7.8 |
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-26682 | High | 7.8 |
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java compo…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-28211 | High | 7.8 |
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability …
|
✅ Patch | Feb 26, 2026 |
| CVE-2025-14343 | High | 7.6 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft T…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-28136 | High | 7.6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS …
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-22205 | High | 7.5 |
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows una…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-26078 | High | 7.5 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the `patreon_…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-26265 | High | 7.5 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerabil…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-27141 | High | 7.5 |
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-27449 | High | 7.5 |
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versi…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-3261 | High | 7.3 |
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settin…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-28138 | High | 7.2 |
Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-25741 | High | 7.1 |
Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpo…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-27638 | High | 7.1 |
Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode (OpenID), the sync API endpoi…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-22719 | High | 8.1 |
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is…
|
⚡ Exploit ✅ Patch | Feb 25, 2026 |
| CVE-2026-2958 | High | 8.8 |
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /…
|
⚡ Exploit ✅ Patch | Feb 23, 2026 |
| CVE-2026-2959 | High | 8.8 |
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of th…
|
⚡ Exploit ✅ Patch | Feb 23, 2026 |
| CVE-2026-2904 | High | 8.8 |
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/Conf…
|
⚡ Exploit ✅ Patch | Feb 22, 2026 |