Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-47846

    Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL inject... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47915

    PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries... Read more

    Affected Products : php_melody
    • Published: Feb. 01, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24070

    During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed a... Read more

    Affected Products : macos native_access
    • Published: Feb. 02, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-15080

    Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected produc... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2026-24367

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-25161

    Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-le... Read more

    Affected Products : alist
    • Published: Feb. 04, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-36588

    Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, ... Read more

    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7740

    Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-70893

    A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authe... Read more

    Affected Products : cyber_cafe_management_system
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-0969

    The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.... Read more

    Affected Products : go-getter
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-24428

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted requ... Read more

    Affected Products : w30e_firmware w30e
    • Published: Jan. 26, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24840

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the databa... Read more

    Affected Products : dokploy
    • Published: Jan. 28, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-25538

    Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global ... Read more

    Affected Products : devtron
    • Published: Feb. 04, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-54002

    Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11175

    Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue ... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1746

    A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attac... Read more

    Affected Products : jeecg_boot
    • Published: Feb. 02, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1544

    A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried ou... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-36972

    SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more

    Affected Products : smartblog
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47794

    ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command ... Read more

    Affected Products : zeslecp
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-0766

    Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability... Read more

    Affected Products : open_webui
    • Published: Jan. 23, 2026
    • Modified: Jan. 30, 2026
Showing 20 of 4666 Results