Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-40537

    SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.... Read more

    Affected Products : web_help_desk
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-20406

    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +46 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-62349

    Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections in... Read more

    Affected Products : salt
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-22911

    Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24536

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.... Read more

    Affected Products : web_push_notifications
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-66959

    An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder... Read more

    Affected Products : ollama
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1002

    The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 ... Read more

    Affected Products : vert.x-web
    • Published: Jan. 15, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-20402

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +10 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2022-50977

    An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57156

    NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).... Read more

    Affected Products : owntone
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-59464

    A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote ... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-59465

    A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of servic... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63647

    A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.... Read more

    Affected Products : owntone
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20421

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +6 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66960

    An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata... Read more

    Affected Products : ollama
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-23743

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containi... Read more

    Affected Products : discourse
    • Published: Jan. 28, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-9014

    A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web p... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Jan. 15, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70986

    Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.... Read more

    Affected Products : ruoyi
    • Published: Jan. 23, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2021-47751

    CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() func... Read more

    Affected Products : rich_text_editor
    • Published: Jan. 13, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2020-37039

    Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service
Showing 20 of 5081 Results