Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-70122

    A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.... Read more

    Affected Products : free5gc
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2549

    A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-57156

    NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).... Read more

    Affected Products : owntone owntone_server
    • Published: Jan. 20, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70955

    A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker ca... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-2452

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2451

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-70957

    A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation obj... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-21243

    Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50617

    Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL q... Read more

    Affected Products : cipace
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-25614

    Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.... Read more

    Affected Products : blesta
    • Published: Feb. 03, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-0772

    Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Feb. 18, 2026

  • 7.5

    HIGH
    CVE-2025-65127

    A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-21511

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2056

    A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more

    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2020-37200

    NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration ... Read more

    Affected Products : netsharewatcher
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-1682

    A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. ... Read more

    Affected Products : free5gc smf
    • Published: Jan. 30, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70148

    Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, res... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-21878

    BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing att... Read more

    Affected Products : bacnet_stack
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-22860

    Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-2668

    A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization
Showing 20 of 4751 Results