Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2026-25847

    In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2174

    A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2026-2175

    A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is poss... Read more

    Affected Products : dir-823x_firmware
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2026-25848

    In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2026-2122

    A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. Th... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-25846

    In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-2132

    A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can... Read more

    Affected Products : online_music_site
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2173

    A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiat... Read more

    Affected Products : online_examination_system
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-2236

    C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2026-2109

    A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be... Read more

    Affected Products : coco_annotator
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2026-2137

    A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has b... Read more

    Affected Products : tx3_firmware
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2026-2142

    A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been ... Read more

    Affected Products : dir-823x_firmware
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2152

    A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command inject... Read more

    Affected Products : dir-615_firmware
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2113

    A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization.... Read more

    Affected Products : tpadmin
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-10463

    Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did no... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2026-2214

    A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack re... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2026-2186

    A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The ... Read more

    Affected Products : rx3_firmware
    • Published: Feb. 08, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2026-24466

    Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute ... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-2213

    A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. Th... Read more

    Affected Products : online_music_site
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2026-2215

    A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptogr... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Cryptography
Showing 20 of 4601 Results