Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2026-1894

    A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper auth... Read more

    Affected Products : wekan
    • Published: Feb. 04, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-24623

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2026-23963

    Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an ar... Read more

    Affected Products : mastodon
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-47402

    Transient DOS when processing a received frame with an excessively large authentication information element.... Read more

    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2026-23633

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.... Read more

    Affected Products : gogs
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2026-1504

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 27, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-70899

    PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious we... Read more

    Affected Products : online_course_registration
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cross-Site Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-12810

    Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in eve... Read more

    Affected Products : secret_server
    • Published: Jan. 27, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2022-50979

    An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-2668

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-69601

    A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more

    Affected Products : 66biolinks
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2026-23848

    MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Att... Read more

    Affected Products : mytube
    • Published: Jan. 19, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2026-23632

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permissio... Read more

    Affected Products : gogs
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2026-24829

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2026-2548

    A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotel... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2026-2320

    Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : linux_kernel chrome macos windows
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-14150

    IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2026-24917

    UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2026-0391

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge_chromium
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026
  • 6.5

    MEDIUM
    CVE-2026-2009

    A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch th... Read more

    Affected Products : gas_agency_management_system
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4529 Results