Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2026-1532

    A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The a... Read more

    Affected Products : dcs-700l_firmware dcs-700l
    • Published: Jan. 28, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-24914

    Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15491

    The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-20602

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20618

    An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-21258

    Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-21261

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-2667

    A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attac... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-20655

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more

    Affected Products : iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-70347

    An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-70092

    A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.... Read more

    Affected Products : open_source_point_of_sale
    • Published: Feb. 12, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-14876

    A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by... Read more

    Affected Products : qemu
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-21870

    BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SI... Read more

    Affected Products : bacnet_stack
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-13108

    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.... Read more

    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-54192

    An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-1998

    A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may ... Read more

    Affected Products : micropython
    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-25920

    SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually acce... Read more

    Affected Products : sumatrapdf
    • Published: Feb. 09, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15314

    Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.... Read more

    Affected Products : endpoint_end-user-cx
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026

  • 5.5

    MEDIUM
    CVE-2026-24846

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a s... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Supply Chain

  • 5.5

    MEDIUM
    CVE-2025-15572

    A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunate... Read more

    Affected Products : wasm3
    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 5142 Results