Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-69612

    A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath para...

    Affected Products : tms_management_console
    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2026-0484

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of th...

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-69198

    Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li...

    Affected Products : panel wings
    • Published: Jan. 19, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2026-21978

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Relationship Pricing). Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privil...

    Affected Products : flexcube_universal_banking
    • Published: Jan. 20, 2026
    • Modified: Feb. 02, 2026
  • 6.5

    MEDIUM
    CVE-2026-20680

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be abl...

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2026-1504

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: Jan. 27, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2026-1691

    A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack...

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2026-20883

    Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches....

    Affected Products : gitea
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-15336

    Tanium addressed an incorrect default permissions vulnerability in Performance....

    Affected Products : service_performance performance
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-15338

    Tanium addressed an incorrect default permissions vulnerability in Partner Integration....

    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-68135

    EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading its caller and itself to silently terminate. Thus, this leads to a denial of service as it is re...

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2026-2009

    A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch th...

    Affected Products : gas_agency_management_system
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-36115

    IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system....

    • Published: Jan. 20, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2026-26006

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Cod...

    Affected Products : autogpt_platform
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2026-24670

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher...

    Affected Products : open_eclass_platform openeclass
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-47209

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ...

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2026-1786

    The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated a...

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-54148

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ...

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-54169

    An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Fi...

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-71004

    A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input....

    Affected Products : oneflow
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4563 Results