Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2026-1335

    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2026-26930

    SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.... Read more

    Affected Products : smartermail
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2533

    A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead to command injection. It is possible to launch the attac... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2019-25379

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in t... Read more

    Affected Products : smoothwall
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2026-2537

    A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to comma... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-31118

    Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.... Read more

    Affected Products : sp_project_\&_document_manager
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-2415

    Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant ... Read more

    Affected Products : pretix
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-65715

    An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.... Read more

    Affected Products :
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2019-25392

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi... Read more

    Affected Products : smoothwall
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25387

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script... Read more

    Affected Products : smoothwall
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25388

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script ... Read more

    Affected Products : smoothwall
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25386

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests... Read more

    Affected Products : smoothwall
    • Published: Feb. 16, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-23210

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-32061

    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overf... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-32062

    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overf... Read more

    Affected Products :
    • Published: Feb. 15, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2024-55271

    A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2026-23178

    In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`. The former can come fr... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23179

    In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_l... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2026-23202

    In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When... Read more

    Affected Products : linux_kernel
    • Published: Feb. 14, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-33246

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to c... Read more

    Affected Products : nemo
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection
Showing 20 of 4888 Results