Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2026-0904

    Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-65482

    An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2026-21923

    Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : life_sciences_central_designer
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 8.1

    HIGH
    CVE-2025-14977

    The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings` REST... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2026-1183

    HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2026-21955

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 7.2

    HIGH
    CVE-2025-15380

    The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-1051

    The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function... Read more

    Affected Products : newsletter
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-56353

    In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription reques... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 9.6

    CRITICAL
    CVE-2025-53912

    An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-15367

    The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.... Read more

    Affected Products : python
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2026-21948

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 8.1

    HIGH
    CVE-2026-23876

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled da... Read more

    Affected Products : imagemagick
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-15281

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.... Read more

    Affected Products : glibc
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63648

    A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2026-21936

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server mysql_cluster
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 7.8

    HIGH
    CVE-2025-33233

    NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tam... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-36063

    IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.... Read more

    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-1202

    A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The... Read more

    Affected Products : crmeb
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-58087

    Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4642 Results