Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-65081

    An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-22888

    Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.... Read more

    Affected Products : garoon
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-0663

    Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.... Read more

    Affected Products : m-files_server
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2021-47899

    YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2020-36944

    ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file c... Read more

    Affected Products : ilias
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2026-1332

    MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.... Read more

    Affected Products : meetinghub_paperless_meetings
    • Published: Jan. 22, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-48518

    Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-20977

    Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.... Read more

    Affected Products : android
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-68663

    Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue r... Read more

    Affected Products : outline
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-2302

    Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-66596

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affec... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-68933

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the `moderators_change_post_ownership` setting enabled can change ownership of posts in private messages and restric... Read more

    Affected Products : discourse
    • Published: Jan. 28, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-41082

    Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-2207

    A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is ... Read more

    Affected Products : wekan
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-29939

    Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2026-20711

    Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.... Read more

    Affected Products : garoon
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-12387

    A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to s... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2026-24824

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy_search_server (source/net/yacy/http/servlets modules). This vulnerability is associated with program files YaCyDefaultServlet.Java. Thi... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-24748

    Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed unauthenticated users to access this endpoint by specify... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-25493

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP ... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 4662 Results