Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-68135

    EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is re... Read more

    Affected Products : everest
    • Published: Jan. 21, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-23624

    GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on t... Read more

    Affected Products : glpi
    • Published: Feb. 04, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-15477

    The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient ... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-2208

    A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely.... Read more

    Affected Products : wekan
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-1894

    A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper auth... Read more

    Affected Products : wekan
    • Published: Feb. 04, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57708

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-15339

    Tanium addressed an incorrect default permissions vulnerability in Discover.... Read more

    Affected Products : service_discover discover
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-67942

    Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-23655

    Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-23646

    OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not prop... Read more

    Affected Products : openproject
    • Published: Jan. 19, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-1218

    A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity refere... Read more

    Affected Products : zhiyou_erp
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2026-25957

    Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13... Read more

    Affected Products : cube.js
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-2532

    A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-sid... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2026-1344

    Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.... Read more

    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-66278

    A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability... Read more

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-21950

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to ... Read more

    Affected Products : mysql_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 6.5

    MEDIUM
    CVE-2026-21960

    Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTT... Read more

    Affected Products : applications_dba
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 6.5

    MEDIUM
    CVE-2026-21923

    Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : life_sciences_central_designer
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 6.5

    MEDIUM
    CVE-2025-68020

    Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.... Read more

    Affected Products : wanotifier
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-68013

    Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization
Showing 20 of 4626 Results