Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2020-37017

    CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject ... Read more

    Affected Products : codemeter
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2020-36944

    ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file c... Read more

    Affected Products : ilias
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2020-36972

    SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more

    Affected Products : smartblog
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-67723

    Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue ... Read more

    Affected Products : discourse
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-69601

    A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more

    Affected Products : 66biolinks
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-69602

    A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from th... Read more

    Affected Products : 66biolinks
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2026-1544

    A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried ou... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1546

    A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The ma... Read more

    Affected Products : jsherp
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1547

    A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remote... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-24857

    `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpa... Read more

    Affected Products : bulk_extractor
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-24888

    Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applicatio... Read more

    Affected Products : maker.js
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-1548

    A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1549

    A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFil... Read more

    Affected Products : jsherp
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-0398

    Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-63372

    Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-12772

    Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains ... Read more

    Affected Products : sannav brocade_sannav
    • Published: Feb. 02, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 6.7

    MEDIUM
    CVE-2020-37171

    TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2020-37170

    TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an app... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2020-37079

    Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a req... Read more

    Affected Products : wing_ftp_server
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.7

    MEDIUM
    CVE-2020-37165

    AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigge... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4626 Results