Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2026-26264

    BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). T... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2026-1333

    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-63421

    An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026

  • 7.8

    HIGH
    CVE-2026-25676

    The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2026-20610

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-69604

    An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.... Read more

    Affected Products : superduper\!
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2026-20614

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2026-20616

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termi... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-20700

    A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary co... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Actively Exploited
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21245

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-23856

    Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2026-1334

    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-26208

    ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with ... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2026-21251

    Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2026-25991

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The applicatio... Read more

    Affected Products : recipes
    • Published: Feb. 13, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.7

    HIGH
    CVE-2025-61879

    In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-15556

    Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update t... Read more

    Affected Products : notepad\+\+ notepad\+\+
    • Actively Exploited
    • Published: Feb. 03, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2026-25506

    MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process mem... Read more

    Affected Products : munge
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2026-24491

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in... Read more

    Affected Products : freerdp
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-69285

    SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload... Read more

    Affected Products : sqlbot
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authentication
Showing 20 of 4663 Results