Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-22279

    Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.... Read more

    Affected Products : powerscale_onefs
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-23957

    seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization proce... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-24608

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through <= 2.4.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-24828

    Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-24469

    C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-23842

    ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocati... Read more

    Affected Products : chatterbot
    • Published: Jan. 19, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37122

    SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration co... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63051

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24783

    soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The log... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-1719

    IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more

    Affected Products : concert
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24831

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.... Read more

    Affected Products : ix-ray_engine_1.6
    • Published: Jan. 27, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-0943

    HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-20... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-52659

    HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.... Read more

    Affected Products : aion
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-69421

    Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application pro... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70645

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1722

    IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more

    Affected Products : concert
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24138

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can ... Read more

    Affected Products : fogproject
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-69907

    An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retr... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2544

    A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted earl... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 16, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-23737

    seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Expl... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection
Showing 20 of 4565 Results