Latest vulnerabilities list. 4. g. Feb 26, 2026 · Cisco warns CVE-2026-20127 (CVSS 10. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Performing a manipulation of the argument apiUrl results in server-side request forgery. You can view CVE vulnerability details, exploits, references, metasploit modules, full Access Microsoft Security Response Center's guide to address vulnerabilities, manage security risks, and keep your systems protected with the latest updates. 5. Jan 21, 2026 · Information Technology Laboratory Vulnerabilities. 4 is able to address this issue. 0 through 17. CVEDetails. This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs), including risk scores, affected vendors, and mitigation insights. 1. , software and shared libraries) to those vulnerabilities. Feb 25, 2026 · Check Point Research identified critical vulnerabilities in Anthropic’s Claude Code that enabled remote code execution and API credential theft through malicious repository-based configuration files. The Common Vulnerabilities and Exposures (CVE) Program’s primary purpose is to uniquely identify vulnerabilities and to associate specific versions of code bases (e. Feb 11, 2026 · Microsoft patches 59 vulnerabilities, including six actively exploited zero-days, with CISA mandating urgent federal remediation. Upgrading to version 1. There are currently over 318,000 CVE Records accessible via Download or Keyword Search above. 5 days ago · Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. 16 hours ago · Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities. 2. Jan 27, 2026 · Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security feature bypass flaw. We provide this information to vendors so that they can create patches and protect their customers as soon as possible. Browse the latest discovered CVE vulnerabilities with risk scoring, exploit data, and real-time security analytics from CVEFeed. Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Upgrading the affected component is advised. Exploits are all included in the Metasploit framework. com is a vulnerability intelligence solution providing CVE security vulnerability database, exploits, advisories, product and CVE risk scores, attack surface intelligence, open source vulnerabilities, code changes, vulnerabilities affecting your attack surface and software inventory/tech stack. This database is updated frequently and contains the most recent security research. 6 days ago · Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006. Mar 2, 2026 · A curated repository of over 180,000 exploitable vulnerabilities and vetted computer software exploits. Remote exploitation of the attack is possible. 0) in SD-WAN is exploited since 2023 to gain admin access; CISA adds it to KEV and mandates urgent fixes. Mar 3, 2026 · Talos investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do. The exploit is now public and may be used. 4 days ago · CISA also added Apple vulnerabilities CVE-2021-30952 and CVE-2023-41974 to the catalog after Google’s Threat Intelligence Group reported the discovery of a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) that targets Apple iPhones running iOS versions 13. Instructions for subscribing to email notifications of Critical Patch Update Advisories and Security Alerts. Feb 24, 2026 · Mozilla Foundation Security Advisory 2026-13 Security Vulnerabilities fixed in Firefox 148 Announced February 24, 2026 Impact high Products Firefox Fixed in Firefox 148 # CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component Reporter Igor Morgenstern Impact high References Bug 2001637 Jan 18, 2006 · This page lists announcements of security fixes made in Critical Patch Update Advisories, Security Alerts and Bulletins, and it is updated when new Critical Patch Update Advisories, Security Alerts and Bulletins are released. Feb 16, 2026 · Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution. fvuggo niik xmjy fbwaed jgfi crfax tginmn mxkzh crjvhg vfpv