Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-1075

    The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings action where the nonce check can be bypassed by sendin... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-1076

    The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to upd... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-1070

    The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex_user_counter_function() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2026-0807

    The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for u... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2026-23007

    In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, othe... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23008

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2021-47889

    Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Sy... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2026-1208

    The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2026-22989

    In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This hap... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2026-24136

    Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information... Read more

    Affected Products : saleor
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2026-22990

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, the... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2026-1302

    The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2026-1429

    Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-1428

    Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-59092

    An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the ... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-59097

    The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuratio... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2026-22986

    In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev->srcu If two drivers were calling gpiochip_add_data_with_key(), one may be traversing the srcu-protected list in gpio_name_to_desc(), meanwhile othe... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-22993

    In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-59101

    Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as au... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2026-22992

    In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_a... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication
Showing 20 of 4226 Results