Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-0612

    The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor... Read more

    Affected Products : the_librarian
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2026-2148

    A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiat... Read more

    Affected Products : ac21_firmware ac21
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-23864

    Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted H... Read more

    Affected Products : react
    • Published: Jan. 26, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-68907

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2020-37107

    Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account ... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-2058

    A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument ... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-70650

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70648

    Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-21511

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-70746

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2113

    A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization.... Read more

    Affected Products : tpadmin
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-8590

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-15281

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.... Read more

    Affected Products : glibc
    • Published: Jan. 20, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2020-37205

    RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name fiel... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-23569

    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted r... Read more

    Affected Products : windows digital_employee_experience
    • Published: Jan. 29, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2020-37180

    GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-26480

    An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2020-37190

    Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Re... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37198

    Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license act... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37206

    ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4594 Results