Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-70062

    PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-69287

    The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data prep... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cryptography

  • 3.3

    LOW
    CVE-2025-8860

    A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer fi... Read more

    Affected Products : qemu
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2019-25400

    IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newh... Read more

    Affected Products : ipfire
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4521

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it possible for a... Read more

    Affected Products : idonate
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2026-20142

    In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the RSA `accessKey` value from the [<u>Authentica... Read more

    Affected Products : splunk
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-70152

    code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-su... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-25365

    ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefull... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-0926

    The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary f... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-4960

    The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and d... Read more

    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2019-25357

    Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes t... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-2676

    A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to impr... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-14167

    The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail w... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2019-25349

    ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application ... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-15585

    Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalatio... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-14864

    The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_aja... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2019-25353

    Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2025-15581

    Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.... Read more

    Affected Products : orthanc
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-2683

    A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. Th... Read more

    Affected Products :
    • Published: Feb. 18, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-13587

    The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login() method only enforces the 2FA requirement if the 'token... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authentication
Showing 20 of 5151 Results