Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2020-37084

    School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.i... Read more

    Affected Products : school_erp_pro
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2026-22550

    OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2026-23516

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a malic... Read more

    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.5

    HIGH
    CVE-2026-0630

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, result... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 02, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2020-37063

    TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious execut... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
  • 8.5

    HIGH
    CVE-2019-25292

    Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSv... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2025-58382

    A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root usin... Read more

    Affected Products : fabric_operating_system
    • Published: Feb. 03, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication
  • 8.5

    HIGH
    CVE-2026-1457

    An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-29867

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects ... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2020-37100

    Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specif... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2026-22227

    A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of ... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 02, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2026-0631

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, res... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 02, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2025-13348

    An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a spe... Read more

    Affected Products : asus_business_manager
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization
  • 8.5

    HIGH
    CVE-2020-37048

    Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration t... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2020-37045

    Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpi... Read more

    Affected Products : netbackup
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
  • 8.5

    HIGH
    CVE-2026-22226

    A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device,... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 02, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2020-37098

    Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious ... Read more

    Affected Products : disk_sorter
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2026-25054

    n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that sup... Read more

    Affected Products : n8n
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.5

    HIGH
    CVE-2019-25293

    BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Blues... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2026-22223

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulti... Read more

    Affected Products : archer_be230_firmware archer_be230
    • Published: Feb. 02, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection
Showing 20 of 4678 Results