Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-65079

    A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-1811

    A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File c... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2020-37074

    Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception han... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2026-1835

    A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. The exploit is publicly... Read more

    Affected Products :
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.7

    MEDIUM
    CVE-2025-14740

    Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating tw... Read more

    Affected Products : desktop
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2020-37075

    LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH)... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37071

    CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-37068

    Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23048

    In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026

  • 0.0

    NA
    CVE-2025-71192

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add k... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-65080

    A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37080

    webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to spec... Read more

    Affected Products : webtareas
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2020-37085

    VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23047

    In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even tho... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-23041

    In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2019-25260

    OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PH... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-37066

    GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23040

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This c... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23045

    In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in ena. WARNING: net/devlink/core.c:261 at devl_assert_lock... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Race Condition

  • 1.7

    LOW
    CVE-2025-62601

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sen... Read more

    Affected Products : fast_dds
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4565 Results