Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-20616

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termi... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2020-37199

    NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application c... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2020-37186

    Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and exec... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2020-37192

    MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references exte... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2020-37188

    SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the applicat... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-2321

    Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2020-37189

    TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2026-23856

    Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2020-37187

    SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an applic... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2020-37182

    Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-10969

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2020-37178

    KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing applicat... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37196

    Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registratio... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2026-26021

    set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by checki... Read more

    Affected Products : set-in
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-13004

    Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025.... Read more

    Affected Products :
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2020-37213

    TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to t... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2026-26215

    manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-25759

    Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when... Read more

    Affected Products : statamic
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2020-37175

    P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application c... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2019-25313

    FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a req... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4772 Results