Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2026-22220

    A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent a... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 03, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-20138

    In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecre... Read more

    Affected Products : splunk
    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-1741

    A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2026-25727

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally de... Read more

    Affected Products : time
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-27008

    OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only `skills... Read more

    Affected Products : openclaw
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-30508

    Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable den... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2026-24413

    Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its... Read more

    Affected Products : icinga windows
    • Published: Jan. 29, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-23968

    Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require... Read more

    Affected Products : copier
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2026-1301

    In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2026-24918

    Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-71176

    pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2026-23764

    VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively)... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2026-26100

    Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2026-24427

    Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response b... Read more

    Affected Products : ac7_firmware ac7
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-23946

    Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vuln... Read more

    Affected Products : tendenci
    • Published: Jan. 22, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2026-22228

    An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unre... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 03, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-2565

    A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remo... Read more

    Affected Products : wl-nu516u1_firmware wl-nu516u1
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-7708

    Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this d... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-0012

    Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-41117

    Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API ap... Read more

    Affected Products : grafana
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5140 Results