Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-47798

    NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application cr... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37069

    Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-22770

    ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set ... Read more

    Affected Products : imagemagick
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-50905

    e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An at... Read more

    Affected Products : e107
    • Published: Jan. 13, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-14233

    Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37161

    Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote co... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-23978

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-10915

    The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2026-1124

    A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in ... Read more

    Affected Products : ksoa
    • Published: Jan. 18, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1130

    A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiat... Read more

    Affected Products : ksoa
    • Published: Jan. 19, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22586

    Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2026-24770

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remo... Read more

    Affected Products : ragflow
    • Published: Jan. 27, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-67617

    Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-24858

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, For... Read more

    • Actively Exploited
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-54330

    Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targe... Read more

    Affected Products : inbit_messenger
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2090

    A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be e... Read more

    Affected Products : online_class_record_system
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59870

    HCL MyXalytics  is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk... Read more

    Affected Products : dryice_myxalytics myxalytics
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-14235

    Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2132

    A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can... Read more

    Affected Products : online_music_site
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2089

    A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of th... Read more

    Affected Products : online_class_record_system
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection
Showing 20 of 5090 Results