Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2026-22708

    Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user ... Read more

    Affected Products : cursor
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-65396

    A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read err... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-33206

    NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.... Read more

    Affected Products : nsight_graphics
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2021-47784

    Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to tr... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2021-47777

    Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database que... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-47774

    Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and g... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2021-47761

    MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-13859

    The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for auth... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2026-0976

    A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-22644

    Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2026-0989

    A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas ca... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2026-20076

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-15370

    The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a us... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2021-47804

    Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with eleva... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2026-23746

    Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerServ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-13844

    CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2026-1004

    The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retr... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-12957

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitizat... Read more

    Affected Products : all-in-one_video_gallery
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-20759

    OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-22876

    Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low("monitoring user") ... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4454 Results