Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2026-21317

    Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue require... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21314

    Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue require... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21313

    Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue require... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21312

    Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a mal... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21315

    Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires ... Read more

    Affected Products : audition
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21514

    Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Actively Exploited
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2026-21525

    Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.... Read more

    • Actively Exploited
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-24061

    telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.... Read more

    Affected Products : debian_linux inetutils
    • Actively Exploited
    • Published: Jan. 21, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2026-21509

    Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Actively Exploited
    • Published: Jan. 26, 2026
    • Modified: Feb. 11, 2026

  • 8.8

    HIGH
    CVE-2026-21513

    Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.... Read more

    • Actively Exploited
    • Published: Feb. 10, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-70849

    Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequat... Read more

    Affected Products : podinfo
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-52623

    HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of... Read more

    Affected Products : aion
    • Published: Feb. 03, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2026-2337

    A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-10913

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 11022026. ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-0910

    The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers... Read more

    Affected Products : wpforo_forum
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2025-14592

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitt... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12073

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery again... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-13431

    The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1357

    The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined ... Read more

    Affected Products : migration\,_backup\,_staging
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-8099

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repe... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4736 Results