Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-20401

    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +10 more products
    • Published: Feb. 02, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-40905

    WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.... Read more

    Affected Products :
    • Published: Feb. 13, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2026-24323

    The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, le... Read more

    Affected Products : s4core erp document_management_system
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2026-25478

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters a... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-24324

    SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or c... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2026-24325

    SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed ... Read more

    Affected Products : businessobjects_enterprise
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-25479

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . m... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2026-24326

    Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low... Read more

    Affected Products : s\/4hana_defense_\&_security
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-25480

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as r... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2026-24327

    Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confident... Read more

    Affected Products : strategic_enterprise_management
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-11547

    AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2026-24328

    SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s br... Read more

    Affected Products : business_server_pages
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Server-Side Request Forgery

  • 4.6

    MEDIUM
    CVE-2025-12757

    An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 4.5

    MEDIUM
    CVE-2025-13064

    A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-12063

    An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-2259

    A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The at... Read more

    Affected Products : lobster
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-25956

    Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) when a user signs u... Read more

    Affected Products : frappe
    • Published: Feb. 10, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-70083

    An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer i... Read more

    Affected Products : opensatkit
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70084

    Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.... Read more

    Affected Products : opensatkit
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-70085

    An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checkin... Read more

    Affected Products : opensatkit
    • Published: Feb. 11, 2026
    • Modified: Feb. 17, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4974 Results