Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2026-25566

    WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong t... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-68008

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.... Read more

    Affected Products : wp_mail
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2020-37112

    GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints t... Read more

    Affected Products : open_eclass_platform
    • Published: Feb. 03, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-66598

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions ar... Read more

    Affected Products : fast\/tools
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2023-20548

    A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2025-69102

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through <= 1.1.7.... Read more

    Affected Products : wp_test_email
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-1436

    Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid us... Read more

    Affected Products : graylog graylog_web_interface
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-12679

    A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key.... Read more

    Affected Products : sannav brocade_sannav
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2026-25768

    LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-24915

    Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2026-22355

    Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2020-37081

    Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, an... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2020-37005

    TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint t... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-68835

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.... Read more

    Affected Products : ravpage
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-0771

    Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configurat... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Feb. 18, 2026

  • 7.1

    HIGH
    CVE-2025-62676

    An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-p... Read more

    Affected Products : forticlient forticlientwindows
    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-69318

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2023-31324

    A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentia... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2025-67614

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-13917

    WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization
Showing 20 of 4946 Results