Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-27903

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2026-24614

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-33101

    IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.... Read more

    Affected Products : concert
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-36379

    IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : security_qradar_edr
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 5.8

    MEDIUM
    CVE-2026-2666

    A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The ... Read more

    Affected Products : mcms
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-0829

    The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Att... Read more

    Affected Products : frontend_file_manager_plugin
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2026-2537

    A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to comma... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2026-21935

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris execu... Read more

    Affected Products : solaris solaris
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 5.8

    MEDIUM
    CVE-2026-21927

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris execu... Read more

    Affected Products : solaris solaris
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 5.8

    MEDIUM
    CVE-2026-25528

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values throu... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.8

    MEDIUM
    CVE-2026-1884

    A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initi... Read more

    Affected Products : zentao
    • Published: Feb. 04, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.8

    MEDIUM
    CVE-2026-24851

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 ( openfga-0.2.22<= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to im... Read more

    Affected Products : openfga
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2026-25740

    captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2025-1790

    Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2026-24928

    Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-55018

    An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-6723

    Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution cont... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-2226

    A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be la... Read more

    Affected Products : douphp
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-13391

    The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and inclu... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2026-1742

    A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication
Showing 20 of 4926 Results