Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-4686

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exa... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2022-50939

    e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image... Read more

    Affected Products : e107
    • Published: Jan. 13, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2026-23493

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other ... Read more

    Affected Products : pimcore
    • Published: Jan. 15, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-69045

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2026-21280

    Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such ... Read more

    Affected Products : macos windows illustrator
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2026-0532

    External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. ... Read more

    Affected Products : kibana
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2026-21267

    Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issu... Read more

    Affected Products : macos windows dreamweaver
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2021-47909

    Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and comprom... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2026-22550

    OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-57793

    Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploit... Read more

    Affected Products : blue
    • Published: Jan. 28, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2026-22816

    Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled.... Read more

    Affected Products : gradle
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Supply Chain

  • 8.6

    HIGH
    CVE-2025-13379

    IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.... Read more

    Affected Products : aspera_console
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-62673

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed f... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2026-23516

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a malic... Read more

    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-21967

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthe... Read more

    Affected Products : hospitality_opera_5
    • Published: Jan. 20, 2026
    • Modified: Jan. 29, 2026

  • 8.6

    HIGH
    CVE-2025-8587

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-61732

    A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.... Read more

    Affected Products : go
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Supply Chain

  • 8.6

    HIGH
    CVE-2025-6397

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026.  NOTE: The vendor was ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-1186

    EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where ... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2026-24780

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and ex... Read more

    Affected Products : autogpt_platform
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication
Showing 20 of 4984 Results