Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2026-0619

    A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-25768

    LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25949

    Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Post... Read more

    Affected Products : traefik
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-25922

    authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have ... Read more

    Affected Products : authentik
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2026-23111

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpa... Read more

    Affected Products : linux_kernel
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-67432

    A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2019-25321

    FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted int... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2026-26000

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malic... Read more

    Affected Products : xwiki
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-70314

    webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2019-25336

    SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to tr... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2026-26217

    Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2026-25996

    Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of co... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-67433

    A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2026-26225

    Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2019-25325

    Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# t... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-25342

    Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.ph... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2026-26005

    ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an in... Read more

    Affected Products : clipbucket
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.3

    CRITICAL
    CVE-2019-25322

    Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden for... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2019-25327

    Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields t... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-1104

    The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possi... Read more

    Affected Products : fastdup
    • Published: Feb. 12, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization
Showing 20 of 4670 Results