Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-32355

    Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-27898

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-14444

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all ve... Read more

    Affected Products : registrationmagic
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-27899

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-14340

    Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-66614

    Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to b... Read more

    Affected Products : tomcat
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-27900

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability ... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-36379

    IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : security_qradar_edr
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-2621

    A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sq... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2023-38265

    IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.... Read more

    Affected Products : cloud_pak_system
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2026-2657

    A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be appro... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-67102

    A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-23218

    In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() Fix incorrect NULL check in loongson_gpio_init_irqchip(). The function checks chip->parent instead of chip->irq.paren... Read more

    Affected Products : linux_kernel
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2026-0715

    Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial i... Read more

    • Published: Feb. 05, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2025-52436

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 al... Read more

    Affected Products : fortisandbox
    • Published: Feb. 10, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-47911

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.... Read more

    Affected Products : networking html
    • Published: Feb. 05, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2026-25793

    Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDS... Read more

    Affected Products : nebula
    • Published: Feb. 06, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 7.7

    HIGH
    CVE-2025-61917

    n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers ... Read more

    Affected Products : n8n
    • Published: Feb. 04, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-58190

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.... Read more

    Affected Products : networking html
    • Published: Feb. 05, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-0391

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge_chromium
    • Published: Feb. 05, 2026
    • Modified: Feb. 18, 2026
Showing 20 of 4962 Results