Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2026-20098

    A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerabil... Read more

    Affected Products : meeting_management
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24406

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable i... Read more

    Affected Products : iccdev
    • Published: Jan. 24, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-25059

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with val... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2026-2169

    A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. ... Read more

    Affected Products : dwr-m921_firmware dwr-m921
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-2168

    A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The e... Read more

    Affected Products : dwr-m921_firmware dwr-m921
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-37141

    AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentia... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-2167

    A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed f... Read more

    Affected Products : wa300_firmware wa300
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47903

    LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuratio... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24404

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs whe... Read more

    Affected Products : iccdev
    • Published: Jan. 24, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-69036

    Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58411

    Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an inter... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-1169

    A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and... Read more

    Affected Products : prime
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-66138

    Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24534

    Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24532

    Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-61973

    A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-52436

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 al... Read more

    Affected Products : fortisandbox
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2020-37117

    jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepa... Read more

    Affected Products : jizhicms
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2020-36999

    Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-41717

    An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to im... Read more

    • Published: Jan. 13, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection
Showing 20 of 5090 Results