Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-43181

    IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : concert
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-53869

    Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2026-2391

    ### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to th... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-15542

    Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-15325

    Tanium addressed an improper input validation vulnerability in Discover.... Read more

    Affected Products : service_discover discover
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026

  • 6.3

    MEDIUM
    CVE-2026-24040

    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server),... Read more

    Affected Products : jspdf
    • Published: Feb. 02, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 6.3

    MEDIUM
    CVE-2026-24934

    The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the... Read more

    Affected Products : data_master
    • Published: Feb. 03, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-13004

    Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2026-27113

    Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution whe... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2026-1591

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list i... Read more

    Affected Products : pdf_editor_cloud
    • Published: Feb. 03, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-1685

    A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from rem... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Jan. 30, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2026-24923

    Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-66607

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows:... Read more

    Affected Products : fast\/tools
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2024-36319

    Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilabi... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2026-25507

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can be triggered by ... Read more

    Affected Products : esp-idf
    • Published: Feb. 04, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2026-25508

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm... Read more

    Affected Products : esp-idf
    • Published: Feb. 04, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2026-2065

    A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can o... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2026-1592

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This i... Read more

    Affected Products : pdf_editor_cloud
    • Published: Feb. 03, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-1425

    A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer... Read more

    Affected Products : smartdns
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-10258

    Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.... Read more

    Affected Products : infinera_dna
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection
Showing 20 of 5169 Results