Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2026-24046

    Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could e... Read more

    Affected Products : backstage
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-67923

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.... Read more

    Affected Products : jetengine
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-0771

    Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configurat... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 7.1

    HIGH
    CVE-2025-67960

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.... Read more

    Affected Products : workscout_core
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2020-37154

    eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentiall... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-67959

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07.... Read more

    Affected Products : workscout
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68859

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68858

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-67964

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2020-37115

    GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and ... Read more

    Affected Products : open_eclass_platform
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2023-20548

    A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2025-10279

    In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race cond... Read more

    Affected Products : mlflow
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2025-59104

    With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An at... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-59105

    With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, ... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 7.0

    HIGH
    CVE-2025-11002

    7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerabilit... Read more

    Affected Products : 7-zip
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2026-21242

    Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2026-21508

    Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2026-21253

    Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-14295

    Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 7.0

    HIGH
    CVE-2025-13917

    WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization
Showing 20 of 4542 Results