Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-20883

    Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.... Read more

    Affected Products : gitea
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-1691

    A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-0767

    Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploi... Read more

    Affected Products : open_webui
    • Published: Jan. 23, 2026
    • Modified: Jan. 30, 2026

  • 6.5

    MEDIUM
    CVE-2026-23848

    MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Att... Read more

    Affected Products : mytube
    • Published: Jan. 19, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-69601

    A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more

    Affected Products : 66biolinks
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-2668

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2022-50979

    An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-21978

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Relationship Pricing). Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privil... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jan. 20, 2026
    • Modified: Feb. 02, 2026

  • 6.5

    MEDIUM
    CVE-2026-23964

    Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's pus... Read more

    Affected Products : mastodon
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-70899

    PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious we... Read more

    Affected Products : online_course_registration
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-69198

    Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li... Read more

    Affected Products : panel wings
    • Published: Jan. 19, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-23963

    Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an ar... Read more

    Affected Products : mastodon
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-69612

    A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath para... Read more

    Affected Products : tms_management_console
    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-24952

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-25036

    Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-71006

    A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-65887

    A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.... Read more

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-24957

    Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-1810

    A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of t... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-1812

    A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File l... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4536 Results