Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2026-24897

    Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By ... Read more

    Affected Products : erugo
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-1552

    A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploi... Read more

    Affected Products : semcms
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1188

    In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this ... Read more

    Affected Products : omr
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-24962

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery.This issue affects Sigmize: from n/a through <= 0.0.9.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-36407

    IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-1975

    A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-1976

    A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made a... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2026-25722

    Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2026-25723

    Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to ... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-25724

    Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /et... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2026-25725

    Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted a... Read more

    Affected Products : claude_code
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2026-1709

    A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform ad... Read more

    Affected Products : keylime
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2026-25520

    SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain t... Read more

    Affected Products : sandboxjs
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2019-25293

    BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Blues... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2026-25634

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMP... Read more

    Affected Products : iccdev
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-25642

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a more strict security-policy. This resulted in a too open Content-Security-Policy and furthermore ope... Read more

    Affected Products : hedgedoc
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2026-25632

    EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer (m... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2026-25628

    Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only a... Read more

    Affected Products : qdrant
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-25597

    PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a cu... Read more

    Affected Products : prestashop
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2026-25641

    SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property a... Read more

    Affected Products : sandboxjs
    • Published: Feb. 06, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4662 Results