Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-24324

    SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or c... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2026-23684

    A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on da... Read more

    Affected Products : commerce_cloud
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2026-0490

    SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impa... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2025-12757

    An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.... Read more

    Affected Products : axis_camera_station_pro
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-12063

    An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.... Read more

    Affected Products : axis_camera_station_pro
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-15570

    A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and coul... Read more

    Affected Products : lrzip
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2026-24312

    An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege act... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24321

    SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has... Read more

    Affected Products : commerce_cloud
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2026-25807

    ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2026-25923

    my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyg... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2026-25885

    PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-6967

    Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendo... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-15571

    A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environm... Read more

    Affected Products : lrzip
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-15316

    Tanium addressed a local privilege escalation vulnerability in Tanium Server.... Read more

    Affected Products : server
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-25808

    Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint with... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-15317

    Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.... Read more

    Affected Products : server
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-15569

    A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is con... Read more

    Affected Products : mupdf
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2026-25890

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying ... Read more

    Affected Products : filebrowser
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2026-25925

    PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type propert... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2025-11537

    A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with... Read more

    Affected Products :
    • Published: Feb. 10, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4536 Results