Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-69040

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-69043

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-69042

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2020-37004

    Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by c... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-67956

    Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.... Read more

    Affected Products : user_registration
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-69050

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2026-22548

    When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technic... Read more

    • Published: Feb. 04, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-36247

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability t... Read more

    Affected Products : db2
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: XML External Entity

  • 8.2

    HIGH
    CVE-2026-23857

    Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi... Read more

    Affected Products : update_package_framework
    • Published: Feb. 12, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2026-21532

    Azure Function Information Disclosure Vulnerability... Read more

    Affected Products : azure_functions
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026

  • 8.2

    HIGH
    CVE-2026-25847

    In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible... Read more

    Affected Products : pycharm
    • Published: Feb. 09, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2026-0805

    An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.... Read more

    Affected Products : crafty_controller
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2026-1778

    Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to su... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2026-25239

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has... Read more

    Affected Products : pearweb
    • Published: Feb. 03, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2026-0383

    A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.... Read more

    Affected Products : fabric_operating_system
    • Published: Feb. 03, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2026-24441

    Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.... Read more

    Affected Products : ac7_firmware ac7
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-9986

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2026-1803

    A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an a... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2026-1610

    A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remo... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-7713

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Managemen... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4919 Results