Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-15268

    The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products : infility_global
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15285

    The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. ... Read more

    Affected Products : seo_flow
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25563

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2022-50978

    An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-21852

    Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository... Read more

    Affected Products : claude_code
    • Published: Jan. 21, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-52627

    Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.... Read more

    Affected Products : aion
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-54263

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-20420

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +30 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20419

    In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : openwrt nbiot_sdk mt6890 mt8791t mt8676 mt8678 mt8775 mt8792 mt8796 mt7902 +18 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20421

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +6 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20406

    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +46 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25577

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attack... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25992

    SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrict... Read more

    Affected Products : siyuan
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-69619

    A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.... Read more

    Affected Products : my_teditor
    • Published: Feb. 05, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-20401

    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +10 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1175

    A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be p... Read more

    Affected Products : prime
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-1174

    A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remote... Read more

    Affected Products : prime
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25128

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xm... Read more

    Affected Products : fast-xml-parser
    • Published: Jan. 30, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-1171

    A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit... Read more

    Affected Products : prime
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1172

    A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack ... Read more

    Affected Products : prime
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4565 Results