Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-70957

    A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation obj... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70955

    A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker ca... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25474

    OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments w... Read more

    Affected Products : openclaw
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-2024

    The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-25349

    ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25401

    Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printe... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25353

    Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25352

    Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sens... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-26269

    Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stac... Read more

    Affected Products : vim
    • Published: Feb. 13, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-27181

    MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all ... Read more

    Affected Products : majordomo
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-2517

    A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial... Read more

    Affected Products : open5gs
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-2549

    A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-2668

    A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-1682

    A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. ... Read more

    Affected Products : free5gc smf
    • Published: Jan. 30, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2056

    A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more

    • Published: Feb. 06, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-0929

    The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.... Read more

    Affected Products : registrationmagic
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-21511

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2621

    A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sq... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2020-37200

    NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration ... Read more

    Affected Products : netsharewatcher
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2020-37201

    NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cr... Read more

    Affected Products : netsharewatcher
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4978 Results