Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-2536

    A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml extern... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: XML External Entity

  • 5.4

    MEDIUM
    CVE-2019-25367

    ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_ad... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2452

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-1793

    The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible ... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2026-2415

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant ... Read more

    Affected Products : pretix
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2026-26220

    LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.load... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2026-2543

    A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password chang... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2026-2532

    A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-sid... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-12062

    The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for a... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-59903

    Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-2548

    A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotel... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-23177

    In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry's index doesn't match the given index due to lookup alig... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2026-2451

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bu... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2026-2539

    The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information ... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2026-1334

    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23187

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-1333

    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a ... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23206

    In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc() with ethsw->sw_attr.num_ifs as the el... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-2608

    The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2026-26369

    eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management speci... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization
Showing 20 of 4900 Results