Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2026-24531

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2021-47798

    NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application cr... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-55251

    HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.... Read more

    Affected Products : aion
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-40551

    SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentica... Read more

    Affected Products : web_help_desk
    • Actively Exploited
    • Published: Jan. 28, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2026-0770

    Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required ... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-50926

    WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrativ... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-1413

    A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulatio... Read more

    • Published: Jan. 26, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-65482

    An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.... Read more

    Affected Products : xdocreport
    • Published: Jan. 20, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-66417

    GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.... Read more

    Affected Products : glpi
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14231

    Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP67... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-2158

    A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely... Read more

    Affected Products : student_web_portal
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-50935

    Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elev... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-2221

    A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack i... Read more

    Affected Products : online_reviewer_system
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-64087

    A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.... Read more

    Affected Products : xdocreport
    • Published: Jan. 20, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1118

    A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attac... Read more

    Affected Products : society_management_system
    • Published: Jan. 18, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2174

    A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.... Read more

    Affected Products : contact_management_system
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-2225

    A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initi... Read more

    Affected Products : news_portal_project
    • Published: Feb. 09, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55705

    This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack ... Read more

    Affected Products : evmapa
    • Published: Jan. 22, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2020-37067

    Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2020-37127

    Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4838 Results