Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2026-0488

    An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads ... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-2094

    Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1722

    The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2026-0508

    The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalida... Read more

    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.0

    MEDIUM
    CVE-2026-0486

    In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not i... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2026-0996

    The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input san... Read more

    Affected Products : contact_form
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-13064

    A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.... Read more

    Affected Products : axis_camera_station_pro
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-11547

    AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.... Read more

    Affected Products : axis_camera_station_pro
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-25923

    my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyg... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2026-25958

    Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13,... Read more

    Affected Products : cube.js
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2026-25925

    PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type propert... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-10258

    Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.... Read more

    Affected Products : infinera_dna
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-0610

    SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12... Read more

    Affected Products : devolutions_server
    • Published: Jan. 19, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-61732

    A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.... Read more

    Affected Products : go
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Supply Chain

  • 3.8

    LOW
    CVE-2025-22873

    It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not anc... Read more

    Affected Products : go
    • Published: Feb. 04, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2026-25063

    gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project co... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-2075

    A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the comp... Read more

    Affected Products : warehouse
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-2076

    A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Use... Read more

    Affected Products : warehouse
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-2077

    A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller... Read more

    Affected Products : warehouse
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-2078

    A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Permissi... Read more

    Affected Products : warehouse
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization
Showing 20 of 4588 Results