Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-24138

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can ... Read more

    Affected Products : fogproject
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2026-0785

    ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to explo... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-0786

    ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to explo... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-23864

    Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted H... Read more

    Affected Products : react
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70650

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70648

    Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-21720

    Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks foreve... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-22259

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of mem... Read more

    Affected Products : suricata
    • Published: Jan. 27, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29847

    A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass... Read more

    Affected Products : linkis
    • Published: Jan. 19, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-24831

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.... Read more

    Affected Products : ix-ray_engine_1.6
    • Published: Jan. 27, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-24783

    soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The log... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2020-36949

    TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fi... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2021-47793

    Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger a... Read more

    Affected Products : telegram_desktop
    • Published: Jan. 16, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1802

    A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launch... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-1587

    A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiat... Read more

    Affected Products : open5gs
    • Published: Jan. 29, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-0702

    The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of su... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-65889

    A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-22279

    Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.... Read more

    Affected Products : powerscale_onefs
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24422

    phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAl... Read more

    Affected Products : phpmyfaq
    • Published: Jan. 24, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-68017

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection
Showing 20 of 4840 Results