Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2026-25926

    Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.e... Read more

    Affected Products : notepad\+\+
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-9062

    Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.   NOTE: The vendor was contacted early about this disclosure b... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2026-2538

    A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The a... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2026-21247

    Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2026-21248

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2026-21244

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2026-2516

    A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Att... Read more

    Affected Products : ezpdf_reader
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2026-2542

    A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible t... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-68906

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-69053

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2026-0832

    The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauth... Read more

    Affected Products : new_user_approve
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-69187

    Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.... Read more

    Affected Products : final_user
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-69185

    Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.... Read more

    Affected Products : hotel_directory
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-69051

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through <= 1.7.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2026-23988

    Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Race Condition

  • 7.3

    HIGH
    CVE-2026-24344

    Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2026-0776

    Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute lo... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 7.3

    HIGH
    CVE-2025-27821

    Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.... Read more

    Affected Products : hadoop
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-69193

    Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.... Read more

    Affected Products : wp_membership
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-68902

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4924 Results