Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2026-24846

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a s... Read more

    Affected Products : malcontent
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Supply Chain

  • 5.5

    MEDIUM
    CVE-2026-22795

    Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory r... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-21332

    InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of th... Read more

    Affected Products : macos windows indesign
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-33081

    IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.... Read more

    Affected Products : linux_kernel concert
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-1734

    A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization... Read more

    Affected Products : crmeb
    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-1737

    A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachabl... Read more

    Affected Products : open5gs
    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-28162

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing th... Read more

    Affected Products : libpng
    • Published: Jan. 27, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-25062

    Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile wit... Read more

    Affected Products : outline
    • Published: Feb. 11, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-20608

    This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected p... Read more

    Affected Products : macos iphone_os safari ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20630

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-20638

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.... Read more

    Affected Products : iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-20619

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-20648

    A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-2327

    Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by... Read more

    Affected Products : markdown-it
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20623

    A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-56807

    An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following ver... Read more

    Affected Products : media_streaming_add-on
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-25061

    tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can caus... Read more

    Affected Products : tcpflow
    • Published: Jan. 29, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-20647

    This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-43403

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-20653

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An a... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4802 Results