Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-15347

    The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in al... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-22771

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These... Read more

    Affected Products : gateway
    • Published: Jan. 12, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2026-24854

    ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL inject... Read more

    Affected Products : churchcrm
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47788

    WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation... Read more

    Affected Products : websitebaker
    • Published: Jan. 16, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-69516

    A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24412

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when use... Read more

    Affected Products : iccdev
    • Published: Jan. 24, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-0908

    Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2021-47763

    Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-0492

    SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidenti... Read more

    Affected Products : hana_database
    • Published: Jan. 13, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-61973

    A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-0899

    Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-9974

    The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticat... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-23492

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted... Read more

    Affected Products : pimcore
    • Published: Jan. 14, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-0844

    The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with mi... Read more

    Affected Products : simple_user_registration
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-67619

    Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24440

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when... Read more

    Affected Products : w30e_firmware w30e
    • Published: Jan. 26, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2022-50975

    An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-14386

    The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions i... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-63018

    Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-69293

    Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.... Read more

    Affected Products : final_user
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization
Showing 20 of 4510 Results