Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2025-14740

    Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating tw... Read more

    Affected Products : desktop
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2020-37074

    Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception han... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23043

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay(). When btrfs_alloc_path() fails in ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37068

    Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-1811

    A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File c... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-1810

    A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of t... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-1801

    A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-6591

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.... Read more

    Affected Products : mediawiki
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026

  • 6.5

    MEDIUM
    CVE-2026-24398

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function ... Read more

    Affected Products : hono
    • Published: Jan. 27, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-24472

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware d... Read more

    Affected Products : hono
    • Published: Jan. 27, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2026-24473

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arb... Read more

    Affected Products : hono
    • Published: Jan. 27, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2026-24771

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrus... Read more

    Affected Products : hono
    • Published: Jan. 27, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-24988

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode &am... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2025-6593

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.... Read more

    Affected Products : mediawiki
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2025-6592

    Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-50537

    Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. D... Read more

    Affected Products : eslint
    • Published: Jan. 26, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2026-1751

    A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.... Read more

    Affected Products : gitlab
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-20402

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +10 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20403

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interacti... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +36 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-20404

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +46 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4588 Results