Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2025-9521

    Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-24797

    Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C. This issue affects cupoch.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2026-24823

    Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. ... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2026-24429

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these de... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2026-24490

    MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browse... Read more

    Affected Products : mobile_security_framework
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2026-24808

    Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2026-24820

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-12387

    A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to s... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-22709

    vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbo... Read more

    Affected Products : vm2
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-24807

    Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutput... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2026-24810

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2026-24812

    Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2026-24803

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: thro... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2026-1224

    Tanium addressed an uncontrolled resource consumption vulnerability in Discover.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2026-1446

    There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.... Read more

    Affected Products : arcgis_pro
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2026-24815

    Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java. This i... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-1449

    A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injecti... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-12386

    Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about ... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2026-1464

    Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-24801

    Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C. This issue affects IronOS: before v2.23-rc3.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
Showing 20 of 4605 Results