Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2026-1530

    A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications betwee... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2026-25200

    A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.... Read more

    Affected Products : magicinfo_9_server
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2026-25069

    SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arb... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2026-23027

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_de... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23019

    In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure devlink_alloc() may return NULL on allocation failure, but prestera_devlink_alloc() unconditionally calls devlink... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71183

    In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two i... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2026-1431

    The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthent... Read more

    Affected Products : booking_calendar
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2022-50980

    A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2022-50975

    An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2026-1117

    A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `... Read more

    Affected Products : lollms lollms_web_ui
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2026-23020

    In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible null dereference in vortex_probe1() pdev can be null and free_ring: can be called in 1297 with a null pdev.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2020-37034

    HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to acce... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2021-47885

    Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2020-37056

    Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2020-37050

    Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file thr... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2020-37055

    SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file sy... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026

  • 4.5

    MEDIUM
    CVE-2026-1770

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox ... Read more

    Affected Products : craftercms
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-54263

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2026-22888

    Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.... Read more

    Affected Products : garoon
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2026-22881

    Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.... Read more

    Affected Products : garoon
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4517 Results