Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-70886

    An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint... Read more

    Affected Products : halo
    • Published: Feb. 12, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70121

    An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_Mob... Read more

    Affected Products : free5gc
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-62601

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sen... Read more

    Affected Products : fast_dds
    • Published: Feb. 03, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2019-25363

    WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2019-25355

    gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests wit... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2019-25354

    iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an appli... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25350

    XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an applicatio... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70956

    A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves cri... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-2415

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant ... Read more

    Affected Products : pretix
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2555

    A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a ... Read more

    Affected Products : jeecg_boot
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2629

    A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase ca... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-70954

    A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointe... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2451

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2452

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25639

    Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker ca... Read more

    Affected Products : axios
    • Published: Feb. 09, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1988

    The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenate... Read more

    Affected Products :
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-70148

    Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, res... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-0772

    Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Feb. 18, 2026

  • 7.5

    HIGH
    CVE-2026-21878

    BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing att... Read more

    Affected Products : bacnet_stack
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-22860

    Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4820 Results