Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2026-24123

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `d... Read more

    Affected Products : bentoml
    • Published: Jan. 26, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 7.4

    HIGH
    CVE-2026-21521

    Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_word_copilot
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026

  • 7.4

    HIGH
    CVE-2025-59960

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Den... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-69419

    Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The ou... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2026-24052

    Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains... Read more

    Affected Products : claude_code
    • Published: Feb. 03, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.4

    HIGH
    CVE-2026-0723

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authen... Read more

    Affected Products : gitlab
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 7.4

    HIGH
    CVE-2025-68134

    EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when an... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-15032

    Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2026-21524

    Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : azure_data_explorer
    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026

  • 7.4

    HIGH
    CVE-2025-14457

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2.... Read more

    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2026-1707

    pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can obse... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2026-26214

    Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSoc... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2026-24045

    Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows St... Read more

    Affected Products : docmost
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2026-24925

    Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-14560

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of ... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2026-21248

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-29951

    A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-52541

    A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2026-0595

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-67850

    A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fie... Read more

    Affected Products : moodle
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4770 Results