Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-23889

    pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. O... Read more

    Affected Products : pnpm
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2026-24816

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java. This issue affe... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2026-24821

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2026-24794

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java. This issue af... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2020-36957

    PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-24809

    An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2020-36956

    Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the ... Read more

    Affected Products : openfire
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2026-1445

    A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover r... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2026-24814

    Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2026-24822

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2026-24348

    Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-24828

    Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-24830

    Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-41726

    A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-24829

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-24801

    Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C. This issue affects IronOS: before v2.23-rc3.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026

  • 7.5

    HIGH
    CVE-2025-67274

    An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-41728

    A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circums... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2026-0925

    Tanium addressed an improper input validation vulnerability in Discover.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Information Disclosure

  • 6.7

    MEDIUM
    CVE-2026-24805

    NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue affects liteide: before x38.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4580 Results