Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2026-24897

    Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By ... Read more

    Affected Products : erugo
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-1552

    A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploi... Read more

    Affected Products : semcms
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1188

    In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this ... Read more

    Affected Products : omr
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-24962

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery.This issue affects Sigmize: from n/a through <= 0.0.9.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-36407

    IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1975

    A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-1976

    A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made a... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2026-25722

    Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2026-25723

    Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to ... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-25724

    Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /et... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2026-25725

    Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted a... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2026-1709

    A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform ad... Read more

    Affected Products : keylime
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2026-2065

    A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can o... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication

  • 1.1

    LOW
    CVE-2026-24050

    Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interac... Read more

    Affected Products : zulip
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-13523

    Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via s... Read more

    Affected Products : confluence
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2026-25727

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally de... Read more

    Affected Products : time
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-15320

    Tanium addressed a denial of service vulnerability in Tanium Client.... Read more

    Affected Products : client
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2019-25294

    html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark f... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2026-25729

    DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sens... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2026-23989

    REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "ar... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization
Showing 20 of 4949 Results