Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2025-61638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, s... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.J... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affe... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61634

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026

  • 8.1

    HIGH
    CVE-2026-25060

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-25144

    Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2026-21862

    RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable clie... Read more

    Affected Products : rustfs
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NONE
    CVE-2025-61642

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NONE
    CVE-2025-61640

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. Th... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2026-25134

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command v... Read more

    Affected Products : group_office
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-22778

    vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With th... Read more

    Affected Products : vllm
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 4.6

    MEDIUM
    CVE-2025-12774

    A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sens... Read more

    Affected Products : sannav brocade_sannav
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2026-25011

    Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= ... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 0.0

    NONE
    CVE-2025-61651

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserEleme... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2026-23515

    Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-syste... Read more

    Affected Products : signal_k_server
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2026-23476

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. W... Read more

    Affected Products : facturascripts
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-8589

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-66480

    Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The applic... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Path Traversal

  • 1.0

    LOW
    CVE-2025-11598

    In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2026-24737

    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input t... Read more

    Affected Products : jspdf
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Injection
Showing 20 of 4550 Results