Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-23059

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size reported by firmware is used to calculate the ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23057

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare tail room) is followed by a small skb (length limited by ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23065

    In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the error path... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23052

    In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the al... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-23077

    In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge", v2. Commit 879bca0a2c4f ("mm/vma: fix incorr... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23050

    In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415 ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Race Condition

  • 4.9

    MEDIUM
    CVE-2026-1246

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more

    Affected Products : image_optimizer
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2026-25481

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/util... Read more

    Affected Products : langroid
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1271

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to... Read more

    Affected Products : profilegrid
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-13491

    IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-1927

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.5.7. This make... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-25514

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract s... Read more

    Affected Products : facturascripts
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-1294

    The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible fo... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2026-1654

    The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-25140

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandA... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-14150

    IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25121

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK pack... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-10314

    Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs i... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2026-25508

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm... Read more

    Affected Products : esp-idf
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-68699

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the seco... Read more

    Affected Products : nanomq
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection
Showing 20 of 4714 Results