Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2021-47856

    Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate appli... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-23029

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_de... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2020-37049

    Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launchin... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2020-37042

    Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2020-37033

    Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2026-1592

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This i... Read more

    Affected Products : pdf_editor_cloud
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-25011

    Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= ... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2020-37100

    Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specif... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-59902

    HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included i... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, s... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-25059

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with val... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NONE
    CVE-2025-61637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.J... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affe... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-25222

    PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuri... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2026-25221

    PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and veri... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2026-25144

    Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2026-25060

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-24043

    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user ca... Read more

    Affected Products : jspdf
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: XML External Entity

  • 6.3

    MEDIUM
    CVE-2026-24040

    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server),... Read more

    Affected Products : jspdf
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 2.3

    LOW
    CVE-2025-6927

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2,... Read more

    Affected Products : mediawiki
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization
Showing 20 of 4719 Results