Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2021-47829

    DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcp... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2021-47822

    DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in pot... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-23645

    SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a ma... Read more

    Affected Products : siyuan
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2021-47834

    Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-23727

    WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=l... Read more

    Affected Products : wegia
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2026-23535

    wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2026-0629

    Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full ... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-23528

    Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cro... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-24089

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-62291

    In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.... Read more

    Affected Products : strongswan
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 2.6

    LOW
    CVE-2025-61873

    Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.... Read more

    Affected Products : request_tracker
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-51602

    mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.... Read more

    Affected Products : vlc_media_player
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-15032

    Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2021-47835

    Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with t... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2021-47847

    Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 2.4

    LOW
    CVE-2024-54556

    This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2025-43904

    In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.... Read more

    Affected Products : slurm
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-43508

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-24090

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-24531

    In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication
Showing 20 of 4580 Results