Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2026-24307

    Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_copilot
    • Published: Jan. 22, 2026
    • Modified: Feb. 12, 2026

  • 5.3

    MEDIUM
    CVE-2026-1964

    A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading t... Read more

    Affected Products : wekan
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2026-1962

    A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiate... Read more

    Affected Products : wekan
    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-15557

    An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and in... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2026-24304

    Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_resource_manager
    • Published: Jan. 23, 2026
    • Modified: Feb. 12, 2026

  • 7.0

    HIGH
    CVE-2026-21508

    Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2026-20671

    A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileg... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-61880

    In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-61879

    In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-56647

    npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-55210

    FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerabili... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-54756

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of ol... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2025-46310

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-46301

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-46290

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43417

    A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-52533

    Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-69807

    p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-69806

    p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-26031

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by e... Read more

    Affected Products : learning
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization
Showing 20 of 4965 Results