Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2025-71192 — ALSA: ac97: fix a double free in snd_ac97_controller_register()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to d…

linux_kernel | Memory Corruption
Feb 04, 2026 Feb 04, 2026
6.1 MEDIUM
CVE-2025-70545 — Belden PPC ONT 2K05X Stored XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) componen…

ppc_2k05x_firmware ppc_2k05x | Remote | Cross-Site Scripting
Feb 04, 2026 Feb 11, 2026
8.2 HIGH
CVE-2026-22548 — BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. N…

Feb 04, 2026 Feb 13, 2026
4.3 MEDIUM
CVE-2026-20732 — BIG-IP Configuration utility vulnerability

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (Eo…

Feb 04, 2026 Feb 13, 2026
3.3 LOW
CVE-2026-20730 — BIG-IP Edge Client for Windows vulnerability

A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Te…

Feb 04, 2026 Feb 13, 2026
8.2 HIGH
CVE-2026-1642 — NGINX vulnerability

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream se…

Feb 04, 2026 Feb 13, 2026
8.1 HIGH
CVE-2025-70997 — Eladmin Unauthenticated Password Reset Vulnerability

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.

eladmin | Remote | Authentication
Feb 04, 2026 Feb 12, 2026
6.5 MEDIUM
CVE-2025-69618 — Tarot, Astro & Healing File Import Arbitrary File Overwrite Vulnerability

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code exe…

coto | Remote | Path Traversal
Feb 04, 2026 Feb 11, 2026
9.8 CRITICAL
CVE-2025-5329 — SQLi in Martcode Software's Delta Course Automation

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Cour…

Remote | Injection
Feb 04, 2026 Feb 04, 2026
8.8 HIGH
CVE-2025-15368 — SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authentica…

sportspress | Remote | Path Traversal
Feb 04, 2026 Feb 04, 2026
6.7 MEDIUM
CVE-2025-14740 — Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabi…

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this dire…

desktop | Misconfiguration
Feb 04, 2026 Feb 04, 2026
7.5 HIGH
CVE-2026-24735 — Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly expose…

answer | Remote | Information Disclosure
Feb 04, 2026 Feb 06, 2026
4.8 MEDIUM
CVE-2026-0873 — Privilege Elevation in Ercom Cryptobox administration console

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with kno…

cryptobox | Remote | Authorization
Feb 04, 2026 Feb 04, 2026
10.0 CRITICAL
CVE-2025-59818 — Authenticated Remote Code Execution via the file name of an uploaded file

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

tcis-3_firmware tcis-3 | Remote | Injection
Feb 04, 2026 Feb 11, 2026
Showing 20 of 5194 Results