Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-25561

    WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/board rela... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-14840

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.... Read more

    Affected Products : http_client_manager
    • Published: Jan. 28, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-2177

    A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-52627

    Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.... Read more

    Affected Products : aion
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-25577

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attack... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25992

    SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrict... Read more

    Affected Products : siyuan
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-25791

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP... Read more

    Affected Products : sliver
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-24773

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other user... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-58743

    Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector C... Read more

    Affected Products : windows imagedirector_capture
    • Published: Jan. 20, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-0490

    SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impa... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-25563

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25639

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by pr... Read more

    Affected Products : axios
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-23948

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU wit... Read more

    Affected Products : freerdp
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25231

    FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be a... Read more

    Affected Products : filerise
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2165

    A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to ... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-25808

    Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint with... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25961

    SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any ... Read more

    Affected Products : sumatrapdf
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-36365

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorizati... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-36070

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1194

    A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public a... Read more

    Affected Products : mineadmin
    • Published: Jan. 20, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4883 Results