Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-36184

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum l... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-11730

    A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series fir... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-2061

    A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit ... Read more

    Affected Products : dir-823x_firmware dir-832x
    • Published: Feb. 06, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-23572

    Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit c... Read more

    Affected Products : remote
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2026-1111

    A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of th... Read more

    Affected Products : publiccms
    • Published: Jan. 18, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2026-2063

    A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection.... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 06, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-1294

    The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible fo... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2026-2134

    A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be ... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-22849

    Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to pe... Read more

    Affected Products : saleor
    • Published: Jan. 21, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-15440

    The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2026-0845

    The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFM_S... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2026-24135

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete ar... Read more

    Affected Products : gogs
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2026-22623

    Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-1866

    The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling `html_entity_decode()` before `wp_... Read more

    Affected Products : name_directory
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-62799

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated s... Read more

    Affected Products : fast_dds
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2026-0779

    ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to expl... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-1419

    A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack... Read more

    Affected Products : dcs-700l_firmware dcs-700l
    • Published: Jan. 26, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-68518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-68838

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2026-1424

    A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly availab... Read more

    Affected Products : news_portal news_portal_project
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4522 Results