Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2026-1850

    Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-1847

    Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-25503

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading... Read more

    Affected Products : iccdev
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-25566

    WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong t... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-1436

    Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid us... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-25155

    Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.... Read more

    Affected Products : qwik
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026

  • 7.1

    HIGH
    CVE-2026-25999

    Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-25610

    An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-1849

    MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2019-25298

    html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentia... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2019-25299

    RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection tec... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-20606

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to bypass certain Privacy preferences.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026

  • 7.1

    HIGH
    CVE-2026-25613

    An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-36247

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability t... Read more

    Affected Products : db2
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2026-22048

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. ... Read more

    Affected Products : storagegrid
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.0

    HIGH
    CVE-2026-21517

    Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_app_for_mac
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2026-25087

    Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with va... Read more

    Affected Products : arrow
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2026-20617

    A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2024-36355

    Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2026-26158

    A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with el... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4718 Results