Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-61643

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026

  • 2.7

    LOW
    CVE-2025-13881

    A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-14270

    The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_numb... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-61652

    Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026

  • 2.7

    LOW
    CVE-2026-2419

    The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows direc... Read more

    Affected Products : wp-downloadmanager
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2026-0925

    Tanium addressed an improper input validation vulnerability in Discover.... Read more

    Affected Products : service_asset
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Information Disclosure

  • 2.5

    LOW
    CVE-2026-23901

    Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existe... Read more

    Affected Products : shiro
    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 2.5

    LOW
    CVE-2026-2655

    A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local appr... Read more

    Affected Products : chaiscript
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2026-2656

    A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's ... Read more

    Affected Products : chaiscript
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2026-0872

    Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.... Read more

    Affected Products : safenet_agent_for_windows_logon
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Cryptography

  • 2.4

    LOW
    CVE-2026-20642

    An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-14055

    An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 2.4

    LOW
    CVE-2026-1966

    YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external director... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2026-27484

    OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where... Read more

    Affected Products : openclaw
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2025-6927

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2,... Read more

    Affected Products : mediawiki
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2026-27205

    Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerabili... Read more

    Affected Products :
    • Published: Feb. 21, 2026
    • Modified: Feb. 21, 2026
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2025-14547

    An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.... Read more

    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2026-21620

    Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is... Read more

    Affected Products : erlang\/otp
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 2.3

    LOW
    CVE-2025-12474

    A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes t... Read more

    Affected Products : libjxl
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2025-66603

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are ... Read more

    Affected Products : fast\/tools
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4802 Results