Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-68009

    Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-68008

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.... Read more

    Affected Products : wp_mail
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-68007

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-64252

    Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through <= 1.8.2.... Read more

    Affected Products : anac_xml_viewer
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-13471

    The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)... Read more

    Affected Products : user_activity_log
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2020-36973

    PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible d... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2020-36972

    SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2020-36971

    Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-24856

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigne... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-24835

    Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2026-24769

    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2026-24768

    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authenticatio... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2026-24767

    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` request. While the subsequent file retrie... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Server-Side Request Forgery

  • 4.9

    MEDIUM
    CVE-2026-24766

    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operat... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-24742

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed informa... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2026-24739

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-23743

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containi... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-1535

    A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the at... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-1534

    A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remo... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2026-1533

    A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection
Showing 20 of 4663 Results