Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-1625

    A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. Th... Read more

    Affected Products : dwr-m961_firmware
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-24845

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI i... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-36407

    IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-67261

    Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page.... Read more

    Affected Products : retail_point_of_sale
    • Published: Jan. 20, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-68006

    Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-69055

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-20636

    The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : macos iphone_os safari ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-8303

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module – Store Module – New Language System) allows... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2022-41650

    Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-25480

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as r... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-70091

    A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.... Read more

    Affected Products : open_source_point_of_sale
    • Published: Feb. 13, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-25479

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . m... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-21980

    Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo... Read more

    Affected Products : life_sciences_central_coding
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 6.5

    MEDIUM
    CVE-2025-36424

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-36427

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-47402

    Transient DOS when processing a received frame with an excessively large authentication information element.... Read more

    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-24829

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-32057

    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration f... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-68039

    Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.... Read more

    Affected Products : backup_and_restore_wordpress
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-68896

    Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization
Showing 20 of 4818 Results