CVE CyberSecurity Database News

Feb 26, 2026 API Google

CVE-2026-27465 - Exposed Google Calendar Credentials in Fleet API — Analysis, PoC, and Fix

Summary: A recent vulnerability, CVE-2026-27465, affects Fleet, the popular open source device management software. Versions prior to 4.80.1 expose Google Calendar service account

Feb 26, 2026 Windows Exploit

CVE-2026-23999 - Predictable Device Unlock PINs in Fleet Device Management Software

A newly disclosed vulnerability tracked as CVE-2026-23999 affects Fleet device management, an open-source platform used by organizations to manage laptops and servers at scale. This

Feb 26, 2026 Exploit

CVE-2026-27904 - Catastrophic Regex Backtracking in minimatch — Understanding the Danger, Code Example, and Mitigation

In March 2026, a severe vulnerability (CVE-2026-27904) was publicly disclosed involving the minimatch npm package. Minimatch is a tiny but essential library used to convert

Feb 24, 2026

CVE-2026-26983 - Understanding ImageMagick’s MSL `<map>` Use-After-Free Vulnerability

ImageMagick is a popular, free tool for handling images. A big reason for its popularity is how flexible and scriptable it is, letting users automate

Feb 23, 2026 Exploit

CVE-2025-61143 - Exploring the NULL Pointer Dereference in libtiff (up to v4.7.1) and How to Stay Safe

--- Summary: Recently, a new vulnerability, CVE-2025-61143, was found in the popular TIFF image library, libtiff (versions up to 4.7.1). This bug is