Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2026-24819

    Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue aff... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2026-24739

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” ... Read more

    Affected Products : symfony
    • Published: Jan. 28, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2026-24923

    Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2026-25222

    PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuri... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2026-24473

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arb... Read more

    Affected Products : hono
    • Published: Jan. 27, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2026-2110

    A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of exces... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-15344

    Tanium addressed a SQL injection vulnerability in Asset.... Read more

    Affected Products : service_asset
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-53869

    Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2026-23630

    Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mer... Read more

    Affected Products : docmost
    • Published: Jan. 21, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-66601

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and ver... Read more

    Affected Products : fast\/tools
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2026-24934

    The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the... Read more

    Affected Products : data_master
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-27898

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-36377

    IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : security_qradar_edr
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2026-23517

    Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privile... Read more

    Affected Products : fleet
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2026-25543

    HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a speci... Read more

    Affected Products : htmlsanitizer
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-36376

    IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : security_qradar_edr
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-12781

    When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative ... Read more

    Affected Products : python
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026

  • 6.3

    MEDIUM
    CVE-2025-15542

    Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2026-1591

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list i... Read more

    Affected Products : pdf_editor_cloud
    • Published: Feb. 03, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-1685

    A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from rem... Read more

    Affected Products : dir-823x_firmware
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication
Showing 20 of 4782 Results