Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2026-22613

    The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eat... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-66600

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web ser... Read more

    Affected Products : fast\/tools
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-2146

    A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unr... Read more

    Affected Products : yshopmall
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-2216

    A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The ... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-15477

    The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient ... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-59023

    Crafted delegations or IP fragments can poison cached delegations in Recursor.... Read more

    Affected Products : recursor
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-24027

    Crafted zones can lead to increased incoming network traffic.... Read more

    Affected Products : recursor
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-14831

    A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject altern... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-15027

    The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_use... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-7799

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS.This issue affects e-Taxpayer Accounting Website: through 0... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2026-0555

    The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and... Read more

    Affected Products : premmerce
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-2131

    A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit i... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-1973

    A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-1974

    A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possi... Read more

    Affected Products : free5gc
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-1550

    A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation re... Read more

    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2026-24897

    Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By ... Read more

    Affected Products : erugo
    • Published: Jan. 28, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-1552

    A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploi... Read more

    Affected Products : semcms
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1188

    In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this ... Read more

    Affected Products : omr
    • Published: Jan. 29, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-24962

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery.This issue affects Sigmize: from n/a through <= 0.0.9.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-36407

    IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.... Read more

    Affected Products : db2
    • Published: Jan. 30, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4563 Results