Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-37095

    Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server ... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2026-25749

    Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function i... Read more

    Affected Products : vim
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2026-25793

    Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDS... Read more

    Affected Products : nebula
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2026-25762

    AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may a... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2026-25804

    Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations wh... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2020-37147

    ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into... Read more

    Affected Products : atutor
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2026-25758

    Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID param... Read more

    Affected Products : spree
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2020-37171

    TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2020-37170

    TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an app... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-25644

    DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.... Read more

    Affected Products : datahub
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2020-37079

    Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a req... Read more

    Affected Products : wing_ftp_server
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2020-37106

    Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2020-37122

    SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration co... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2020-37166

    AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become un... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-2074

    A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to ... Read more

    Affected Products : o2oa
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2020-37107

    Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account ... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2020-37165

    AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigge... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2020-37163

    QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database informati... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2020-37135

    AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative ac... Read more

    Affected Products : amss\+\+
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2020-37141

    AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentia... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection
Showing 20 of 4569 Results