Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2019-25283

    Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access d... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2019-25271

    NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable f... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2026-20123

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is ... Read more

    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.5

    HIGH
    CVE-2019-25281

    NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, a... Read more

    Affected Products : ncp_secure_entry_client
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2026-1523

    Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F.... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-1271

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to... Read more

    Affected Products : profilegrid
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2026-1246

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more

    Affected Products : image_optimizer
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2026-1953

    Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the da... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2019-25286

    GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject mal... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2019-25285

    Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2019-25276

    Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program F... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2026-25536

    MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connect... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-25523

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue... Read more

    Affected Products : magento
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-27550

    IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.... Read more

    Affected Products : jazz_reporting_service
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2019-25275

    BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious exec... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-23072

    In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cited commit moved down the validation of the protocol versi... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-20111

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerabi... Read more

    Affected Products : prime_infrastructure
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-25140

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandA... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25121

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK pack... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2026-21893

    n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative p... Read more

    Affected Products : n8n
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection
Showing 20 of 4944 Results