Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-23842

    ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocati... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2026-23841

    Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryCreated=`. Versio... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2026-23840

    Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`. Versio... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2026-23839

    Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. Versio... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2026-23838

    Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the ... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-23829

    Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can injec... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2026-22797

    An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before pro... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2026-1172

    A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack ... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-1171

    A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Denial of Service

  • 6.0

    MEDIUM
    CVE-2025-69198

    Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-55252

    HCL AION  version 2 is affected by a Weak Password Policy vulnerability. This can  allow the use of easily guessable passwords, potentially resulting in unauthorized access... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Authentication

  • 1.8

    LOW
    CVE-2025-55250

    HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2026-23884

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑sid... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2026-23883

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2026-23836

    HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Injection

  • 1.7

    LOW
    CVE-2026-23833

    ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used.... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-23732

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side glob... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-23721

    OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member ... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-23646

    OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not prop... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-23625

    OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for e... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4072 Results