Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-61728

    archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-61726

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-en... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-61730

    During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. Th... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-61731

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68119

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how e... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Supply Chain

  • 0.0

    NA
    CVE-2025-69218

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admins only. This report displays direct URLs to all upload... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68933

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the `moderators_change_post_ownership` setting enabled can change ownership of posts in private messages and restric... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-71002

    A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-24440

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when... Read more

    Affected Products : w30e_firmware w30e
    • Published: Jan. 26, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-68934

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seco... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2026-24775

    OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work ... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.9

    HIGH
    CVE-2026-24772

    OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently va... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2026-0750

    Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2026-0749

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-71001

    A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-69602

    A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from th... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-69601

    A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-68660

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the ai_discover_persona access controls and gain ongoing DM access to personas that may be wire... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-68659

    Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attac... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-68479

    Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Authorization
Showing 20 of 4666 Results