Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2026-0796

    ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to ex... Read more

    • Published: Jan. 23, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-25646

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the functi... Read more

    Affected Products : libpng
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2026-1588

    A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the a... Read more

    Affected Products : jsherp
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-25531

    Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing aut... Read more

    Affected Products : kanboard
    • Published: Feb. 13, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authorization

  • 4.4

    MEDIUM
    CVE-2026-20603

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.... Read more

    Affected Products : macos
    • Published: Feb. 11, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-21355

    DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue re... Read more

    Affected Products : dng_software_development_kit
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21354

    DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive... Read more

    Affected Products : dng_software_development_kit
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2026-21353

    DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim... Read more

    Affected Products : dng_software_development_kit
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21352

    DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open ... Read more

    Affected Products : dng_software_development_kit
    • Published: Feb. 10, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-22764

    Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.... Read more

    Affected Products : openmanage_network_integration
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2026-25893

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute ar... Read more

    Affected Products : fuxa
    • Published: Feb. 09, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-63652

    A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63653

    An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63655

    A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63656

    An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-63657

    An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-25894

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA throug... Read more

    Affected Products : fuxa
    • Published: Feb. 09, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-63658

    A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more

    Affected Products : monkey
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-69516

    A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions... Read more

    Affected Products : tactical_rmm
    • Published: Jan. 29, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-25895

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through... Read more

    Affected Products : fuxa
    • Published: Feb. 09, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4674 Results