Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2020-37072

    Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute a... Read more

    Affected Products : victor_cms
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2026-2133

    A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to... Read more

    Affected Products : online_music_site
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2026-2149

    A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results i... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2026-2150

    A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scriptin... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2026-2154

    A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument ... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2026-2159

    A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/us... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-69970

    FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remot... Read more

    Affected Products : fuxa
    • Published: Feb. 03, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-68721

    Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management... Read more

    Affected Products : axigen_mail_server
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2026-2160

    A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cros... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-68643

    Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is ... Read more

    Affected Products : axigen_mail_server
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2026-1701

    A security vulnerability has been detected in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch t... Read more

    • Published: Jan. 30, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-2179

    A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit... Read more

    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-68723

    Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL... Read more

    Affected Products : axigen_mail_server
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-1623

    A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit ha... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Jan. 29, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2026-2180

    A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The ex... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2181

    A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1686

    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possibl... Read more

    Affected Products : a3600r_firmware a3600r
    • Published: Jan. 30, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2026-1690

    A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit... Read more

    Affected Products : hg10_firmware hg10
    • Published: Jan. 30, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2026-25751

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthen... Read more

    Affected Products : fuxa
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2026-25752

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacke... Read more

    Affected Products : fuxa
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4881 Results