Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2026-24915

    Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-1963

    A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2026-1970

    A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2026-1401

    The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2026-1252

    The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-24917

    UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-21643

    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.... Read more

    Affected Products : forticlientems
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2026-24921

    Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2026-24922

    Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.0

    MEDIUM
    CVE-2026-24919

    Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-2054

    A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. ... Read more

    Affected Products : dir-605l_firmware dir-619l_firmware
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-2056

    A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more

    Affected Products : dir-605l_firmware dir-619l_firmware
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-15566

    A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-ngin... Read more

    Affected Products : ingress-nginx
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 4.0

    MEDIUM
    CVE-2026-24914

    Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-1998

    A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may ... Read more

    Affected Products : micropython
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-24300

    Azure Front Door Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_front_door
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026

  • 6.5

    MEDIUM
    CVE-2026-2009

    A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch th... Read more

    Affected Products : gas_agency_management_system
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2026-2000

    A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2026-24302

    Azure Arc Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_arc
    • Published: Feb. 05, 2026
    • Modified: Feb. 06, 2026

  • 9.2

    CRITICAL
    CVE-2026-21626

    Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure... Read more

    Affected Products : easydiscuss
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4514 Results