Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-67077

    File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.... Read more

    Affected Products : agora-project
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-68899

    Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47918

    Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database manage... Read more

    Affected Products : simple_cms_php
    • Published: Feb. 01, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-20098

    A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerabil... Read more

    Affected Products : meeting_management
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-14377

    A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2021-47801

    Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads th... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47757

    Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary s... Read more

    Affected Products : patient_management_system
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-21229

    Improper input validation in Power BI allows an authorized attacker to execute code over a network.... Read more

    Affected Products : power_bi_report_server
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1193

    A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out rem... Read more

    Affected Products : mineadmin
    • Published: Jan. 19, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11175

    Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue ... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-2015

    A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper author... Read more

    Affected Products : i-educar
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-1544

    A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried ou... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-36972

    SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more

    Affected Products : smartblog
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-13062

    The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitizatio... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-9974

    The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticat... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-37116

    GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading t... Read more

    Affected Products : open_eclass_platform
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2026-1327

    A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads ... Read more

    Affected Products : nr1800x_firmware nr1800x
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24512

    A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets... Read more

    Affected Products : ingress-nginx
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47788

    WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation... Read more

    Affected Products : websitebaker
    • Published: Jan. 16, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-22861

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe()... Read more

    Affected Products : iccdev
    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4852 Results