Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-12117

    The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2025-8860

    A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer fi... Read more

    Affected Products : qemu
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2026-2661

    A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit h... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-69287

    The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data prep... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-70063

    The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated pati... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2026-0926

    The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary f... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-12116

    The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11706

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unau... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12812

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2684

    A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead ... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-13612

    The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `aigpl-gallery-album` shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output esca... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-2669

    A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-15581

    Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.... Read more

    Affected Products : orthanc
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2026-2662

    A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2019-25357

    Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes t... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2026-27177

    MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the data... Read more

    Affected Products : majordomo
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-2665

    A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-0665

    An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential m... Read more

    Affected Products : qemu
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2019-25398

    IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in... Read more

    Affected Products : ipfire
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-27182

    Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection
Showing 20 of 4948 Results