Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.9

    HIGH
    CVE-2026-24772

    OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently va... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2026-0750

    Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2026-0749

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-71001

    A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-69602

    A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from th... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-69601

    A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-68660

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the ai_discover_persona access controls and gain ongoing DM access to personas that may be wire... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-68659

    Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attac... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-68479

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68001

    Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-67968

    Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-67723

    Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-66488

    Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/C... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-57796

    Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encr... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2025-57795

    Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-57794

    Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and execute... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-57793

    Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploit... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-57792

    Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The is... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2022-40620

    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could i... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-40619

    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection
Showing 20 of 4669 Results