Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2026-24530

    Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24356

    Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24512

    A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets... Read more

    Affected Products : ingress-nginx
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-69002

    Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1550

    A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation re... Read more

    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24887

    Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this... Read more

    Affected Products : claude_code
    • Published: Feb. 03, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-21625

    User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.... Read more

    Affected Products : easydiscuss
    • Published: Jan. 16, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-52628

    HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue af... Read more

    Affected Products : aion
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2026-24788

    RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.... Read more

    Affected Products : raspap
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10465

    Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2020-37110

    60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1327

    A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads ... Read more

    Affected Products : nr1800x_firmware nr1800x
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-37083

    PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-69182

    Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.... Read more

    Affected Products : institutions_directory
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2020-37032

    Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger ope... Read more

    Affected Products : wing_ftp_server
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2019-25260

    OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PH... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1861

    Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2020-37076

    Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract dat... Read more

    Affected Products : victor_cms
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-25859

    Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-23754

    D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including ... Read more

    Affected Products : d-view_8
    • Published: Jan. 21, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Authorization
Showing 20 of 4679 Results