Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2026-1406

    A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of... Read more

    Affected Products :
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2026-1049

    A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack r... Read more

    Affected Products :
    • Published: Jan. 17, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-24432

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can c... Read more

    Affected Products : w30e_firmware w30e
    • Published: Jan. 26, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-52515

    An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service.... Read more

    • Published: Jan. 05, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-59899

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their sessi... Read more

    Affected Products : vx_search
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-21223

    Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, ... Read more

    Affected Products : edge_chromium
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026

  • 5.1

    MEDIUM
    CVE-2026-24820

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-40975

    Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter.... Read more

    Affected Products :
    • Published: Jan. 12, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-41084

    Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parame... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-9522

    Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-67683

    Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but di... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-68962

    Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 14, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-15543

    Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-41024

    Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:  'companyaddress', 'company... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-1183

    HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-40679

    HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.... Read more

    Affected Products : isshue
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41081

    Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/<PATH>.php/<XSS>'. This vulnerability can be exp... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-1136

    A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title cause... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2019-25297

    Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated att... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-40644

    Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerabilit... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4269 Results