Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-27900

    IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability ... Read more

    Affected Products : db2_recovery_expert_for_luw
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2026-2019

    The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function.... Read more

    Affected Products : cart_all_in_one_for_woocommerce
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2629

    A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase ca... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-14289

    IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : webmethods_integration_server
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2026-22284

    Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulner... Read more

    Affected Products : smartfabric_os10
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-33253

    NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, informa... Read more

    Affected Products : nemo
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-8308

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Inf... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-33239

    NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2026-1296

    The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. Th... Read more

    Affected Products : frontend_post_submission_manager
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-12122

    The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-36379

    IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : security_qradar_edr
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-2576

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied... Read more

    Affected Products : business_directory
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 4.4

    MEDIUM
    CVE-2025-12037

    The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13959

    The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-33240

    NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, an... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1670

    The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.... Read more

    Affected Products :
    • Published: Feb. 17, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-12071

    The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it pos... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12075

    The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authe... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-2507

    When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2026-27099

    Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploi... Read more

    Affected Products : jenkins
    • Published: Feb. 18, 2026
    • Modified: Feb. 18, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4929 Results