Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2026-21250

    Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-25143

    melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/bu... Read more

    Affected Products : melange
    • Published: Feb. 04, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-33246

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to c... Read more

    Affected Products : nemo
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-69604

    An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.... Read more

    Affected Products : superduper\!
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2026-0874

    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21245

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-33236

    NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tamp... Read more

    Affected Products : nemo
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2026-20615

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2026-21259

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-15062

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerab... Read more

    Affected Products : sketchup
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 7.8

    HIGH
    CVE-2026-25731

    calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --temp... Read more

    Affected Products : calibre
    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2026-21238

    Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-15348

    Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to ... Read more

    Affected Products : shockline
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 7.8

    HIGH
    CVE-2026-23599

    A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privi... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2026-21240

    Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2026-24149

    NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, infor... Read more

    Affected Products : megatron-lm
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-46691

    Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-33218

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d... Read more

    Affected Products : geforce tesla
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-2103

    Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the app... Read more

    Affected Products : syteline_erp
    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-15310

    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.... Read more

    Affected Products : endpoint_patch
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4763 Results