Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2026-0659

    A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current pro... Read more

    Affected Products : 3ds_max arnold usd_for_arnold
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2026-20056

    A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive file... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2019-25285

    Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-62616

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession... Read more

    Affected Products : autogpt_platform
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.8

    HIGH
    CVE-2026-25585

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile p... Read more

    Affected Products : iccdev
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-11730

    A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series fir... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2026-23797

    In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-69215

    OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.... Read more

    Affected Products : openstamanager
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2026-1953

    Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the da... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2026-1246

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more

    Affected Products : image_optimizer
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-1271

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to... Read more

    Affected Products : profilegrid
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-1523

    Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F.... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 2.4

    LOW
    CVE-2026-1966

    YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external director... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2026-23796

    Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-13491

    IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-1927

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.5.7. This make... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-69213

    OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker... Read more

    Affected Products : openstamanager
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-1294

    The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible fo... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2026-1654

    The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products :
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-14150

    IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4566 Results