Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2026-25153

    Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configure... Read more

    Affected Products : backstage
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2026-22277

    Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, lead... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2026-1723

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.... Read more

    Affected Products : x6000r_firmware
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-62348

    Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.... Read more

    Affected Products : salt
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-24293

    # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for th... Read more

    Affected Products : rails
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-13176

    Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2026-0805

    An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.... Read more

    Affected Products : crafty_controller
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2026-25154

    LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" sessio... Read more

    Affected Products : localsend
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2026-25130

    Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to she... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2026-25129

    PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write t... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2026-1680

    Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe na... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2024-9432

    Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data.   The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.... Read more

    Affected Products : vertica
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2020-36998

    Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbi... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-7964

    After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end device... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2026-25210

    In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.... Read more

    Affected Products : libexpat
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2026-0963

    An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.... Read more

    Affected Products : crafty_controller
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-12899

    A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.... Read more

    Affected Products : zephyr
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2026-24714

    Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.... Read more

    Affected Products : pr2000_firmware
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2026-25126

    PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so a... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2026-24905

    Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of th... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection
Showing 20 of 4678 Results