Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2025-6589

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.... Read more

    Affected Products : mediawiki
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026

  • 4.3

    MEDIUM
    CVE-2026-25011

    Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= ... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2026-20704

    Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 9.9

    CRITICAL
    CVE-2026-23515

    Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-syste... Read more

    Affected Products : signal_k_server
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2026-23476

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. W... Read more

    Affected Products : facturascripts
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-67478

    Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026

  • 1.3

    LOW
    CVE-2025-67476

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026

  • 9.8

    CRITICAL
    CVE-2025-66480

    Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The applic... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-65017

    Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This is... Read more

    Affected Products : decidim
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 1.0

    LOW
    CVE-2025-11598

    In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2026-23997

    FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical d... Read more

    Affected Products : facturascripts
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2026-24051

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go execute... Read more

    Affected Products : opentelemetry-go
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2026-25022

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16.... Read more

    Affected Products : kivicare
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2026-25024

    Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-25020

    Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24984

    Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.... Read more

    Affected Products : visual_link_preview
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2026-1664

    Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentN... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2020-37099

    Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterpris... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-41065

    Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload i... Read more

    Affected Products : luna
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-1730

    The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authen... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication
Showing 20 of 5191 Results