Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2026-1701

    A security vulnerability has been detected in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch t... Read more

    • Published: Jan. 30, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-20045

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Conne... Read more

    • Actively Exploited
    • Published: Jan. 21, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-25938

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin... Read more

    Affected Products : fuxa
    • Published: Feb. 09, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-26190

    Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentica... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-51958

    aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.... Read more

    Affected Products : runcommand
    • Published: Jan. 30, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14014

    Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smar... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2019-25337

    OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search pa... Read more

    Affected Products : owncloud
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2019-25321

    FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted int... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2019-25319

    Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-70314

    webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-26218

    newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to chang... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-24302

    Azure Arc Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_arc
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026

  • 9.8

    CRITICAL
    CVE-2026-1962

    A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiate... Read more

    Affected Products : wekan
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-70981

    CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-2249

    METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privil... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-21531

    Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-70085

    An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checkin... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-22583

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befo... Read more

    Affected Products : marketing_cloud_engagement
    • Published: Jan. 24, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22582

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befor... Read more

    Affected Products : marketing_cloud_engagement
    • Published: Jan. 24, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22586

    Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects... Read more

    Affected Products : marketing_cloud_engagement
    • Published: Jan. 24, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cryptography
Showing 20 of 4674 Results