Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2026-25514

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract s... Read more

    Affected Products : facturascripts
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-23954

    Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more

    Affected Products : incus
    • Published: Jan. 22, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2023-7335

    EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbi... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2020-37085

    VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2026-1465

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C. This issue a... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2021-47850

    Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directori... Read more

    Affected Products : mini_mouse
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2020-37034

    HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to acce... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-9283

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several s... Read more

    • Published: Jan. 20, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2020-36950

    Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and cras... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-59092

    An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the ... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-59098

    The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is u... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2026-24665

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2026-1018

    Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : police_statistics_database_system
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-9282

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seco... Read more

    • Published: Jan. 20, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-9280

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.... Read more

    • Published: Jan. 20, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2021-47749

    YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to i... Read more

    Affected Products : youphptube
    • Published: Jan. 13, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2026-24813

    NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-24480

    QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code exec... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-69215

    OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.... Read more

    Affected Products : openstamanager
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-69213

    OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker... Read more

    Affected Products : openstamanager
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection
Showing 20 of 4877 Results