Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2026-21935

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris execu... Read more

    Affected Products : solaris solaris
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 5.8

    MEDIUM
    CVE-2026-1445

    A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover r... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-1742

    A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2026-24137

    sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base d... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-6723

    Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution cont... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-24319

    In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of com... Read more

    Affected Products : business_one
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2026-25904

    The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is ar... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.8

    MEDIUM
    CVE-2025-68898

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2026-25740

    captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-2666

    A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The ... Read more

    Affected Products : mcms
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2025-55018

    An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-46301

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2026-2539

    The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information ... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 5.7

    MEDIUM
    CVE-2026-24745

    InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the ap... Read more

    Affected Products : invoiceplane
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2026-24746

    InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the ap... Read more

    Affected Products : invoiceplane
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-46303

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-46300

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-46305

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-46304

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-7013

    Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.  NOTE: The vendor was contacted early about this discl... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization
Showing 20 of 4924 Results