Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-25363

    Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.11.... Read more

    Affected Products : foogallery
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-25389

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.... Read more

    Affected Products : eventprime
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-71223

    In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in smb2_open() When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file must be released.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23167

    In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nci_unregister_device(). syzbot reported the splat below [0] without a repro. It indicates that struct nci_dev.cmd_wq had been destroyed before nc... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-25387

    Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through <= 1.7.1.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23163

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove On APUs such as Raven and Renoir (GC 9.1.0, 9.2.2, 9.3.0), the ih1 and ih2 interrupt ring buffers are not ini... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-55853

    SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. Thi... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-71200

    In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link brok... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23157

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of ba... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23548

    Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.25.... Read more

    Affected Products : directorypress
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23116

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-23119

    In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect() After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23805

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-23158

    In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guard(mutex) to protect the device structure. However, the device is freed before the guard... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23129

    In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpll_xa_ref_{dpll,pin}_add() to reject duplicate registration attempts. Previously, if a caller attempted... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026

  • 0.0

    NA
    CVE-2026-23184

    In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder_netlink_report() Oneway transactions sent to frozen targets via binder_proc_transaction() return a BR_TRANSACTION_PENDING_FROZEN error but they are still treat... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23154

    In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughpu... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-25329

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-59793

    Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path ... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-71203

    In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 5149 Results