Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-15313

    Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.... Read more

    Affected Products : endpoint_euss
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-22280

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnera... Read more

    Affected Products : powerscale_onefs
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2026-20415

    In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; I... Read more

    Affected Products : android mt6897 mt6989
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15318

    Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.... Read more

    Affected Products : endpoint_end-user-notifications
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2026-21870

    BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SI... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-54149

    An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-1532

    A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The a... Read more

    Affected Products : dcs-700l_firmware dcs-700l
    • Published: Jan. 28, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-20675

    The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a malicious... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-2147

    A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed... Read more

    Affected Products : ac21_firmware ac21
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-15469

    Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot alg... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2025-33081

    IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.... Read more

    Affected Products : linux_kernel concert
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-20647

    This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-1738

    A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be execu... Read more

    Affected Products : open5gs
    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-50537

    Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. D... Read more

    Affected Products : eslint
    • Published: Jan. 26, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21339

    Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of th... Read more

    Affected Products : substance_3d_designer
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-33237

    NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.... Read more

    Affected Products : geforce
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-21315

    Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires ... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-2517

    A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial... Read more

    Affected Products : open5gs
    • Published: Feb. 15, 2026
    • Modified: Feb. 15, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-21350

    After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Explo... Read more

    Affected Products : macos windows after_effects
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-25062

    Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile wit... Read more

    Affected Products : outline
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4662 Results