Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-62616

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession... Read more

    Affected Products : autogpt_platform
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2026-23053

    In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-23072

    In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cited commit moved down the validation of the protocol versi... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23079

    In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() On error handling paths, lineinfo_changed_notify() doesn't free the allocated resources which results leaks. Fix i... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2019-25286

    GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject mal... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2019-25285

    Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-23077

    In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge", v2. Commit 879bca0a2c4f ("mm/vma: fix incorr... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-25582

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when ... Read more

    Affected Products : iccdev
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23100

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional fix, one performance regression fix, and two r... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23104

    In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-27550

    IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.... Read more

    Affected Products : jazz_reporting_service
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2026-1246

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2026-23055

    In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend support for the Renesas I2C driver and following this change ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2026-25521

    Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype poll... Read more

    Affected Products : locutus
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2026-25518

    cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2026-25543

    HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a speci... Read more

    Affected Products : htmlsanitizer
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2026-1953

    Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the da... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-40685

    IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing u... Read more

    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.3

    HIGH
    CVE-2026-25513

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queri... Read more

    Affected Products : facturascripts
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-69215

    OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.... Read more

    Affected Products : openstamanager
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection
Showing 20 of 4860 Results