Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-12451

    The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta... Read more

    Affected Products : easy_svg_support
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12117

    The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12375

    The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-12116

    The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11706

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unau... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-2669

    A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12081

    The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authe... Read more

    Affected Products : acf_photo_gallery_field
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-12448

    The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10256

    A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a vi... Read more

    Affected Products : ffmpeg
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-2665

    A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2026-27182

    Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2025-12343

    A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memor... Read more

    Affected Products : ffmpeg
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-12812

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-2672

    A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2026-25548

    InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attack. An... Read more

    Affected Products : invoiceplane
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-15585

    Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalatio... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-25361

    Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow a... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2026-24744

    InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the applicati... Read more

    Affected Products : invoiceplane
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-14864

    The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_aja... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-11725

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization
Showing 20 of 4944 Results