CVE CyberSecurity Database News

Feb 26, 2026 Exploit

CVE-2026-27904 - Catastrophic Regex Backtracking in minimatch — Understanding the Danger, Code Example, and Mitigation

In March 2026, a severe vulnerability (CVE-2026-27904) was publicly disclosed involving the minimatch npm package. Minimatch is a tiny but essential library used to convert

Feb 24, 2026

CVE-2026-26983 - Understanding ImageMagick’s MSL `<map>` Use-After-Free Vulnerability

ImageMagick is a popular, free tool for handling images. A big reason for its popularity is how flexible and scriptable it is, letting users automate

Feb 20, 2026 Java Apache

CVE-2026-27133 - How Strimzi’s CA Chain Handling Led to Trusting Untrusted Kafka Brokers (With Exploit Details)

Strimzi makes it dead simple to run Apache Kafka on your Kubernetes or OpenShift cluster. But if you’re running versions .47. up to (but

Feb 20, 2026 XSS WordPress Exploit

CVE-2024-51915 - Stored XSS in LiteSpeed Cache Plugin (<= 6.5.2) — Full Exploit Details

A new security issue—CVE-2024-51915—was discovered in the popular LiteSpeed Cache plugin for WordPress, affecting all versions up to and including 6.5.2.

Feb 18, 2026 Exploit

CVE-2025-1272 - Fedora Linux Kernels 6.12+ Disables Lockdown Mode Silently, Exposing Secure Boot to Major Risks

A new vulnerability, CVE-2025-1272, has been discovered in Fedora Linux distributions running the Linux kernel version 6.12 and above. This flaw happens because the