Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-21940

    Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comp... Read more

    Affected Products : agile_plm
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 5.5

    MEDIUM
    CVE-2026-23874

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version... Read more

    Affected Products : imagemagick
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-58740

    The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. Thi... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-36556

    A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigg... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-21945

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.... Read more

    Affected Products : graalvm java_se graalvm_for_jdk
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 5.8

    MEDIUM
    CVE-2026-21927

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris execu... Read more

    Affected Products : solaris
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 5.9

    MEDIUM
    CVE-2025-15367

    The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.... Read more

    Affected Products : python
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-0906

    Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2026-21642

    HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logg... Read more

    Affected Products : revive_adserver
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2026-21956

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 4.3

    MEDIUM
    CVE-2026-1051

    The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function... Read more

    Affected Products : newsletter
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2026-21950

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to ... Read more

    Affected Products : mysql_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 8.2

    HIGH
    CVE-2026-21955

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 5.4

    MEDIUM
    CVE-2026-0901

    Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-36059

    IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the containe... Read more

    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-36065

    IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.... Read more

    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-59464

    A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote ... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2026-21959

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP t... Read more

    Affected Products : workflow
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 6.1

    MEDIUM
    CVE-2025-53516

    A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2026-21943

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting Admin). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ... Read more

    Affected Products : scripting
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
Showing 20 of 4449 Results