Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2026-0918

    The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process t... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2020-37103

    DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary ... Read more

    Affected Products : dotnetnuke
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2020-37137

    PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending ... Read more

    Affected Products : phpfusion
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2020-37152

    PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. ... Read more

    Affected Products : phpfusion php-fusion
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2020-37133

    UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to tr... Read more

    Affected Products : ultravnc
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2020-37132

    UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger ... Read more

    Affected Products : ultravnc
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2020-37130

    Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash... Read more

    Affected Products : nsauditor
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2020-37119

    Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass... Read more

    Affected Products : nsauditor
    • Published: Feb. 05, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-25231

    FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be a... Read more

    Affected Products : filerise
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2026-25497

    Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access t... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2026-25496

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|ra... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-25494

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. However, alt... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2026-2240

    A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-25493

    Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP ... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2026-25492

    Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address,... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Server-Side Request Forgery

  • 1.9

    LOW
    CVE-2026-25491

    Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.... Read more

    Affected Products : craft_cms
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-25480

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as r... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-25479

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . m... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2026-25478

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters a... Read more

    Affected Products : litestar
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 9.2

    CRITICAL
    CVE-2025-66630

    Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUI... Read more

    Affected Products : fiber
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cryptography
Showing 20 of 4596 Results