Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2026-24762

    RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorde... Read more

    Affected Products : rustfs
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-23764

    VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively)... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2026-23893

    openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by ... Read more

    Affected Products : opencryptoki
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2026-20982

    Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.... Read more

    Affected Products : android
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-71176

    pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2026-20144

    In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-24413

    Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its... Read more

    Affected Products : icinga
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-24784

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would ru... Read more

    Affected Products : dotnetnuke
    • Published: Jan. 28, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-32063

    There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disable... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2026-25933

    Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data r... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-0012

    Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2026-22228

    An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unre... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 03, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-24414

    The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory gra... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-31990

    Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unrespon... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-1741

    A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-67124

    A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesy... Read more

    Affected Products : miniserve
    • Published: Jan. 23, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 6.8

    MEDIUM
    CVE-2025-14973

    The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-57796

    Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encr... Read more

    Affected Products : blue
    • Published: Jan. 28, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-59095

    The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined wit... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-41117

    Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API ap... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4756 Results