Common Vulnerabilities and Exposures (CVE)

CVE-2026-3010

Feb 28, 2026 11:45:30 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.

CVE-2026-2844

Feb 28, 2026 11:44:07 UTC

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

CVE-2025-13673

Feb 28, 2026 07:25:35 UTC

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter...

CVE-2026-2471

Feb 28, 2026 06:27:42 UTC

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the `BaseModel` class constr...

CVE-2026-1542

Feb 28, 2026 06:00:08 UTC

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

CVE-2026-28372

Feb 28, 2026 04:55:43 UTC

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over...

CVE-2026-2492

Feb 28, 2026 04:55:41 UTC

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the a...

CVE-2026-3223

Feb 28, 2026 04:55:40 UTC

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

CVE-2025-9907

Feb 28, 2026 04:55:39 UTC

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when...

CVE-2025-9908

Feb 28, 2026 04:55:37 UTC

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and ...

CVE-2026-2251

Feb 28, 2026 04:55:29 UTC

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7....

CVE-2026-27967

Feb 28, 2026 04:55:28 UTC

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory** when a project contains symbolic links...

CVE-2026-27966

Feb 28, 2026 04:55:26 UTC

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_r...

CVE-2026-21619

Feb 28, 2026 03:47:44 UTC

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This ...

CVE-2026-27021

Feb 28, 2026 03:25:15 UTC

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any p...