Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-47875

    GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculato... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2020-37010

    BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pa... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-1331

    MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-20045

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Conne... Read more

    • Actively Exploited
    • Published: Jan. 21, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2087

    A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remot... Read more

    Affected Products : online_class_record_system
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2225

    A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initi... Read more

    Affected Products : news_portal_project
    • Published: Feb. 09, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2088

    A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotel... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22249

    Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more

    Affected Products : docmost
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-2089

    A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of th... Read more

    Affected Products : online_class_record_system
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2073

    A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from rem... Read more

    • Published: Feb. 07, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-36940

    Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an a... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-67229

    An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.... Read more

    Affected Products : builder
    • Published: Jan. 23, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-2197

    A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possib... Read more

    Affected Products : online_reviewer_system
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2083

    A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack re... Read more

    Affected Products : social_networking_site
    • Published: Feb. 07, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1340

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-25232

    NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute ... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37000

    Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, S... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-62581

    Delta Electronics DIAView has multiple vulnerabilities.... Read more

    Affected Products : diaview
    • Published: Jan. 16, 2026
    • Modified: Jan. 20, 2026

  • 9.8

    CRITICAL
    CVE-2025-40554

    SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.... Read more

    Affected Products : web_help_desk
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2021-47798

    NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application cr... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4683 Results