Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2026-24414

    The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory gra... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-59095

    The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined wit... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-71176

    pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2026-23946

    Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vuln... Read more

    Affected Products : tendenci
    • Published: Jan. 22, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-23893

    openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by ... Read more

    Affected Products : opencryptoki
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-36511

    Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-12699

    The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof ... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2026-20413

    In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more

    Affected Products : android mt8678 mt6899 mt6991 mt8793
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2026-20414

    In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS1... Read more

    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-32452

    Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable e... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2020-37192

    MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references exte... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: XML External Entity

  • 6.7

    MEDIUM
    CVE-2025-32092

    Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexit... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20070

    Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an auth... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-52536

    Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2026-0705

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.... Read more

    Affected Products : cloud_manager
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2020-37128

    ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2020-37171

    TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-15315

    Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.... Read more

    Affected Products : moduleserver
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2026-24131

    pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": ".... Read more

    Affected Products : pnpm
    • Published: Jan. 26, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-22849

    Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged soft... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4626 Results