Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-25369

    An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authe... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-24531

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-2174

    A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.... Read more

    Affected Products : contact_management_system
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2020-36967

    Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SE... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2225

    A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initi... Read more

    Affected Products : news_portal_project
    • Published: Feb. 09, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-0920

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can registe... Read more

    Affected Products : element_kit_for_elementor
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-2199

    A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in s... Read more

    Affected Products : online_reviewer_system
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-37161

    Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote co... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-47785

    Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting impr... Read more

    Affected Products : ether_mp3_cd_burner
    • Published: Jan. 16, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-20045

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unity Conne... Read more

    • Actively Exploited
    • Published: Jan. 21, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22770

    ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set ... Read more

    Affected Products : imagemagick
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2019-25232

    NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute ... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-22904

    Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote ... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-50926

    WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrativ... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-24832

    Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.... Read more

    Affected Products : ix-ray_engine_1.6
    • Published: Jan. 27, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-54335

    eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerab... Read more

    Affected Products : extplorer
    • Published: Jan. 13, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-23884

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑sid... Read more

    Affected Products : freerdp
    • Published: Jan. 19, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2198

    A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql inject... Read more

    Affected Products : online_reviewer_system
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-37120

    Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to exec... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-1357

    The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined ... Read more

    Affected Products : migration\,_backup\,_staging
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication
Showing 20 of 4833 Results