Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-14799

    The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (==... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-22274

    Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exp... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Jan. 23, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-22353

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.... Read more

    Affected Products : teachpress
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-70899

    PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious we... Read more

    Affected Products : online_course_registration
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2026-24528

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.... Read more

    Affected Products : nova_blocks
    • Published: Jan. 23, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-2318

    Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : linux_kernel chrome macos windows
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-68934

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seco... Read more

    Affected Products : discourse
    • Published: Jan. 28, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-1639

    The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-36018

    IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : linux_kernel concert
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-32003

    Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low c... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-15336

    Tanium addressed an incorrect default permissions vulnerability in Performance.... Read more

    Affected Products : service_performance performance
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62853

    A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability... Read more

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-14559

    A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in th... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-47402

    Transient DOS when processing a received frame with an excessively large authentication information element.... Read more

    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-0572

    The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-24958

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.... Read more

    Affected Products : jetelements_for_elementor
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-25846

    In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs... Read more

    Affected Products : youtrack
    • Published: Feb. 09, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-0665

    An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential m... Read more

    Affected Products : qemu
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-24324

    SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or c... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-68911

    Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization
Showing 20 of 4945 Results