Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2026-25494

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. However, alt... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2026-25496

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|ra... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-25497

    Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access t... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2026-25498

    Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost() function in src/services/Fields.ph... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2026-25598

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade ... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-25639

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by pr... Read more

    Affected Products : axios
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2026-21419

    Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2026-2245

    A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be perfo... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-2246

    A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out l... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2026-25765

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method (in lib/faraday/connection.rb) uses Ruby's URI#merge to combine the connection's base URL with a... Read more

    Affected Products : faraday
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2026-24419

    OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The applicat... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-69212

    OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can uplo... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-69214

    OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can ... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-69216

    OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-24416

    OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-24417

    OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to pro... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-24418

    OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule)... Read more

    Affected Products : openstamanager
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-22782

    RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forge... Read more

    Affected Products : rustfs
    • Published: Jan. 16, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2026-23523

    Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arb... Read more

    Affected Products : dive
    • Published: Jan. 16, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-15528

    A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploi... Read more

    Affected Products : open5gs
    • Published: Jan. 16, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4772 Results