Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-67964

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-69003

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.... Read more

    Affected Products : kentharadio
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68849

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68010

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.... Read more

    Affected Products : netgsm
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-12679

    A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key.... Read more

    Affected Products : sannav brocade_sannav
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2026-23976

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-21976

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privilege... Read more

    Affected Products : business_intelligence
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 7.1

    HIGH
    CVE-2020-37105

    PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-22355

    Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-29950

    Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2020-37005

    TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint t... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11743

    A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.... Read more

    Affected Products : compactlogix_5370_firmware
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2020-37108

    PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extra... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2020-37154

    eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentiall... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-68008

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.... Read more

    Affected Products : wp_mail
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-67614

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-55131

    A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2021-47921

    Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve ... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-11142

    The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.... Read more

    Affected Products : axis_os
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-21986

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026
Showing 20 of 4761 Results