Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2020-37085

    VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2026-20986

    Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-1811

    A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File c... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-15482

    The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-15487

    The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the content... Read more

    Affected Products : code_explorer
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 4.4

    MEDIUM
    CVE-2026-0743

    The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2026-0679

    The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23045

    In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in ena. WARNING: net/devlink/core.c:261 at devl_assert_lock... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2026-1802

    A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launch... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-23040

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This c... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2026-1341

    Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5329

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was c... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-15368

    The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissi... Read more

    Affected Products : sportspress
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2020-37087

    Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2020-37091

    Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestrict... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2020-37070

    CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running o... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-15507

    The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_sync_usage() function in all versions up to, and including, 1.0.4. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2026-1622

    Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not reda... Read more

    Affected Products : neo4j
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-65077

    A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-65078

    An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4946 Results