Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.0 MEDIUM
CVE-2025-15328 — Tanium addressed an improper link resolution before file access vulnerability in Enforce.

Tanium addressed an improper link resolution before file access vulnerability in Enforce.

service_enforce enforce | Path Traversal
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
4.3 MEDIUM
CVE-2025-15327 — Tanium addressed an improper access controls vulnerability in Deploy.

Tanium addressed an improper access controls vulnerability in Deploy.

service_deploy deploy | Remote | Authorization
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
4.3 MEDIUM
CVE-2025-15326 — Tanium addressed an improper access controls vulnerability in Patch.

Tanium addressed an improper access controls vulnerability in Patch.

service_patch patch | Remote | Authorization
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
6.3 MEDIUM
CVE-2025-15325 — Tanium addressed an improper input validation vulnerability in Discover.

Tanium addressed an improper input validation vulnerability in Discover.

service_discover discover | Remote
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
6.6 MEDIUM
CVE-2025-15324 — Tanium addressed a local privilege escalation vulnerability in Engage.

Tanium addressed a documentation issue in Engage.

service_engage engage
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
3.7 LOW
CVE-2025-15323 — Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

tanos tanos | Remote | Misconfiguration
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
2.7 LOW
CVE-2025-15321 — Tanium addressed an improper input validation vulnerability in Tanium Appliance.

Tanium addressed an improper input validation vulnerability in Tanium Appliance.

tanos tanos | Remote
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
7.2 HIGH
CVE-2025-15312 — Tanium addressed an improper output sanitization vulnerability in TanOS.

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.

tanos tanos | Remote | Information Disclosure
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
7.8 HIGH
CVE-2025-15311 — Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.

Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.

tanos tanos | Misconfiguration
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
3.1 LOW
CVE-2025-15289 — Tanium addressed an improper access controls vulnerability in Interact.

Tanium addressed an improper access controls vulnerability in Interact.

service_interact interact | Remote | Authorization
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
7.4 HIGH
CVE-2026-1707 — Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An at…

pgadmin pgadmin_4 | Remote | Information Disclosure
Feb 05, 2026 Feb 26, 2026
Feb 05, 2026
Feb 26, 2026
9.8 CRITICAL
CVE-2025-70073 — ChestnutCMS Remote Code Execution

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function

chestnutcms | Remote
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
10.0 CRITICAL
CVE-2025-68121 — Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succee…

go | Remote | Cryptography
Feb 05, 2026 Feb 20, 2026
Feb 05, 2026
Feb 20, 2026
5.3 MEDIUM
CVE-2025-58190 — Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML …

networking html | Remote | Denial of Service
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
5.3 MEDIUM
CVE-2025-47911 — Quadratic parsing complexity in golang.org/x/net/html

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H…

networking html | Remote | Denial of Service
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
8.8 HIGH
CVE-2025-15557 — Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle At…

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communi…

tapo_h100_firmware tapo_h100 tapo_p100_firmware tapo_p100 | Cryptography
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
5.9 MEDIUM
CVE-2025-15551 — LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attacke…

archer_c20_firmware archer_c20 tl-wr845n_firmware tl-wr845n archer_mr200_firmware archer_mr200 +2 more | Injection
Feb 05, 2026 Feb 12, 2026
Feb 05, 2026
Feb 12, 2026
7.0 HIGH
CVE-2026-0715 — Moxa Arm-based Industrial Computers Bootloader Access Vulnerability

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this …

uc-8210-t-lx-s_firmware uc-8220-t-lx_firmware uc-8220-t-lx-ap-s_firmware uc-8220-t-lx-eu-s_firmware uc-8220-t-lx-us-s_firmware uc-8220-t-lx +64 more | Authentication
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
7.0 HIGH
CVE-2026-0714 — Moxa Industrial Computers TPM SPI Bus Physical Attack Vulnerability

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via a…

uc-8210-t-lx-s_firmware uc-8220-t-lx_firmware uc-8220-t-lx-ap-s_firmware uc-8220-t-lx-eu-s_firmware uc-8220-t-lx-us-s_firmware uc-8220-t-lx +64 more | Cryptography
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2025-70792 — Microweber Cross Site Scripting Vulnerability

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privile…

microweber | Remote | Cross-Site Scripting
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
Showing 20 of 5134 Results