Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2026-22380

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2026-0508

    The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalida... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.1

    HIGH
    CVE-2026-22153

    An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is ... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2026-1530

    A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications betwee... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2026-25890

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying ... Read more

    Affected Products : filebrowser
    • Published: Feb. 09, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2026-1529

    A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the at... Read more

    Affected Products : keycloak
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2026-26362

    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.... Read more

    Affected Products : unisphere_for_powermax
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 8.0

    HIGH
    CVE-2026-25804

    Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations wh... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-59482

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field ... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-61944

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an exces... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2026-25805

    Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or ... Read more

    Affected Products : zed
    • Published: Feb. 10, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2026-21523

    Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.... Read more

    Affected Products : visual_studio_code
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 8.0

    HIGH
    CVE-2026-24785

    Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cryptography

  • 8.0

    HIGH
    CVE-2026-21257

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : visual_studio_2022
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-3839

    A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The br... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-7016

    Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.This issue affects QR Menu: before s1.05.12.... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2026-24885

    Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce ... Read more

    Affected Products : kanboard
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2025-62404

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceed... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-61983

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an exces... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-62405

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field ... Read more

    Affected Products : archer_ax53_firmware archer_ax53
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 5139 Results