Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-1988

    The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenate... Read more

    Affected Products :
    • Published: Feb. 14, 2026
    • Modified: Feb. 14, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-2024

    The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Feb. 14, 2026
    • Modified: Feb. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2020-37201

    NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cr... Read more

    Affected Products : netsharewatcher
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2020-37200

    NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration ... Read more

    Affected Products : netsharewatcher
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2621

    A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sq... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-21511

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-0929

    The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.... Read more

    Affected Products : registrationmagic
    • Published: Feb. 16, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-70954

    A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointe... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2056

    A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more

    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-1682

    A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. ... Read more

    Affected Products : free5gc smf
    • Published: Jan. 30, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2452

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2415

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant ... Read more

    Affected Products : pretix
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2026-1707

    pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can obse... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-33088

    IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.... Read more

    Affected Products : concert
    • Published: Feb. 17, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-69821

    An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection... Read more

    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-68133

    EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 commun... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-68141

    EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed o... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2026-24123

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `d... Read more

    Affected Products : bentoml
    • Published: Jan. 26, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 7.4

    HIGH
    CVE-2026-25478

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters a... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-68621

    Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthen... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication
Showing 20 of 4638 Results