CVE CyberSecurity Database News

Feb 26, 2026 API Google

CVE-2026-27465 - Exposed Google Calendar Credentials in Fleet API — Analysis, PoC, and Fix

Summary: A recent vulnerability, CVE-2026-27465, affects Fleet, the popular open source device management software. Versions prior to 4.80.1 expose Google Calendar service account

Feb 26, 2026 Windows Exploit

CVE-2026-23999 - Predictable Device Unlock PINs in Fleet Device Management Software

A newly disclosed vulnerability tracked as CVE-2026-23999 affects Fleet device management, an open-source platform used by organizations to manage laptops and servers at scale. This

Feb 26, 2026 Exploit

CVE-2026-27904 - Catastrophic Regex Backtracking in minimatch — Understanding the Danger, Code Example, and Mitigation

In March 2026, a severe vulnerability (CVE-2026-27904) was publicly disclosed involving the minimatch npm package. Minimatch is a tiny but essential library used to convert

Feb 24, 2026

CVE-2026-26983 - Understanding ImageMagick’s MSL `<map>` Use-After-Free Vulnerability

ImageMagick is a popular, free tool for handling images. A big reason for its popularity is how flexible and scriptable it is, letting users automate

Feb 20, 2026 Java Apache

CVE-2026-27133 - How Strimzi’s CA Chain Handling Led to Trusting Untrusted Kafka Brokers (With Exploit Details)

Strimzi makes it dead simple to run Apache Kafka on your Kubernetes or OpenShift cluster. But if you’re running versions .47. up to (but