Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-1814

    Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficien... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-23965

    sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-22258

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it... Read more

    Affected Products : suricata
    • Published: Jan. 27, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-24735

    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows... Read more

    Affected Products : answer
    • Published: Feb. 04, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-23962

    Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very la... Read more

    Affected Products : mastodon
    • Published: Jan. 22, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-24827

    Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-24006

    Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval intr... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-10024

    Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-68017

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68616

    WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (s... Read more

    Affected Products : weasyprint
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2026-20736

    Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository ... Read more

    Affected Products : gitea
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-1586

    A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploi... Read more

    Affected Products : open5gs
    • Published: Jan. 29, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-14550

    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series ... Read more

    Affected Products : django
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-24635

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-69420

    Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed Time... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-69421

    Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application pro... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-24390

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: fr... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-1102

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed... Read more

    Affected Products : gitlab
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-23957

    seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization proce... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-0772

    Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
Showing 20 of 4569 Results