Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2026-26336

    Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-1972

    A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The e... Read more

    Affected Products : br-6208ac_firmware br-6208ac
    • Published: Feb. 06, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2019-25411

    Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with scri... Read more

    Affected Products : dome_firewall
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-26234

    JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to ... Read more

    • Published: Feb. 12, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2026-25228

    Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files an... Read more

    Affected Products : windows signal_k_server
    • Published: Feb. 02, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2019-25412

    Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/ti... Read more

    Affected Products : dome_firewall
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2026-0875

    A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the co... Read more

    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-0874

    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the ... Read more

    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-33042

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users ... Read more

    Affected Products : avro
    • Published: Feb. 13, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-1597

    A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performe... Read more

    Affected Products : saleserp
    • Published: Jan. 29, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2020-36949

    TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fi... Read more

    Affected Products : tapinradio
    • Published: Jan. 27, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-70148

    Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, res... Read more

    Affected Products : membership_management_system
    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2026-20137

    In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles cou... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2026-20138

    In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecre... Read more

    Affected Products : splunk
    • Published: Feb. 18, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2026-2825

    A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remo... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2026-2384

    The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : quiz_maker
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2820

    A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS resu... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-30416

    Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.... Read more

    Affected Products : cyber_protect
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-30410

    Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 3993... Read more

    Affected Products : cyber_protect
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authentication

  • 4.7

    MEDIUM
    CVE-2026-2408

    Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.... Read more

    Affected Products : service_cloudworkloads
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 5149 Results