Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2026-25562

    WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing a... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-25563

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25564

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-25565

    WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should r... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-25567

    WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying anot... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2026-25568

    WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-25859

    Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.... Read more

    Affected Products : wekan
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-52436

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 al... Read more

    Affected Products : fortisandbox
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-62439

    An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user wi... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-11004

    The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability o... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2024-54192

    An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-55018

    An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-30513

    Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Race Condition

  • 4.6

    MEDIUM
    CVE-2024-36310

    Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-1507

    The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-25613

    An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2026-26009

    Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or container... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-21953

    Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 1.8

    LOW
    CVE-2025-0029

    Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2026-25609

    Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.... Read more

    Affected Products : mongodb
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4579 Results