Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-50977

    An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-65890

    A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25762

    AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may a... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61726

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-en... Read more

    Affected Products : go
    • Published: Jan. 28, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66959

    An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder... Read more

    Affected Products : ollama
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-71000

    An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-65886

    A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-65888

    A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-65891

    A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70999

    A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59439

    An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63372

    Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.... Read more

    Affected Products : windows zip_rar_extractor_tool
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-63051

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25577

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attack... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37155

    Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an applica... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-22644

    Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access... Read more

    Affected Products : incoming_goods_suite
    • Published: Jan. 15, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25791

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP... Read more

    Affected Products : sliver
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-21852

    Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository... Read more

    Affected Products : claude_code
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25561

    WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/board rela... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-2177

    A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication
Showing 20 of 4678 Results