Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2026-23838

    Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the ... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2026-2236

    C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-68702

    Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability ... Read more

    Affected Products : jervis
    • Published: Jan. 13, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-68703

    Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixe... Read more

    Affected Products : jervis
    • Published: Jan. 13, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2026-21913

    An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports ... Read more

    Affected Products : junos ex4000-48mp ex4000-48p ex4000-48t
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2022-50897

    mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation... Read more

    Affected Products : mpdf
    • Published: Jan. 13, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2021-47752

    AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladm... Read more

    Affected Products : awebserver
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2020-36939

    Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system f... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-69216

    OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-22867

    LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the U... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2021-47749

    YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to i... Read more

    Affected Products : youphptube
    • Published: Jan. 13, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2026-24740

    Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope con... Read more

    Affected Products : dozzle
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2020-37097

    Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and p... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2021-47795

    GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path trav... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2020-37093

    Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network crede... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2026-24678

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is... Read more

    Affected Products : freerdp
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-0750

    Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2020-37088

    School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory t... Read more

    Affected Products : school_erp_pro
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2026-1023

    Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.... Read more

    Affected Products : statistics_database_system
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2026-24419

    OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The applicat... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection
Showing 20 of 5097 Results