Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-2148

    A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiat... Read more

    Affected Products : ac21_firmware ac21
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-68905

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2684

    A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-21720

    Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks foreve... Read more

    Affected Products : grafana
    • Published: Jan. 27, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25564

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66720

    Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.... Read more

    Affected Products : pcf
    • Published: Jan. 23, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2026-2618

    A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is conside... Read more

    Affected Products : 777vr1_firmware 777vr1
    • Published: Feb. 17, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cryptography

  • 7.4

    HIGH
    CVE-2026-24052

    Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains... Read more

    Affected Products : claude_code
    • Published: Feb. 03, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.4

    HIGH
    CVE-2026-0723

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authen... Read more

    Affected Products : gitlab
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 7.4

    HIGH
    CVE-2026-24348

    Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.... Read more

    • Published: Jan. 27, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2025-70093

    An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.... Read more

    Affected Products : open_source_point_of_sale
    • Published: Feb. 13, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-69419

    Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The ou... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2025-68134

    EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when an... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2026-21932

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026

  • 7.4

    HIGH
    CVE-2026-21524

    Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : azure_data_explorer
    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026

  • 7.4

    HIGH
    CVE-2025-65098

    Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in thei... Read more

    Affected Products : typebot
    • Published: Jan. 22, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2026-21521

    Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_word_copilot
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026

  • 7.4

    HIGH
    CVE-2025-68136

    EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers ca... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2026-1707

    pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can obse... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-68141

    EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed o... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4941 Results