Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2026-1760

    A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this b... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2022-50975

    An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2022-50980

    A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2026-1431

    The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthent... Read more

    Affected Products : booking_calendar
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-71183

    In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two i... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2020-37045

    Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpi... Read more

    Affected Products : netbackup
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026

  • 8.5

    HIGH
    CVE-2020-37048

    Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration t... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-13348

    An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a spe... Read more

    Affected Products : asus_business_manager
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-5986

    A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is t... Read more

    Affected Products : h2o h2o
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-6208

    The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after... Read more

    Affected Products : llamaindex
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-7105

    A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a Java... Read more

    Affected Products : librechat
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Denial of Service

  • 6.0

    MEDIUM
    CVE-2025-12680

    Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav... Read more

    Affected Products : sannav brocade_sannav
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2026-1743

    A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-repla... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2026-1741

    A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-71180

    In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: =============================... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71182

    In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 ev... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2020-37037

    Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code t... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2021-47920

    WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attack... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2021-47908

    Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbi... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2021-47856

    Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate appli... Read more

    Affected Products :
    • Published: Feb. 01, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4593 Results