Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2026-22249

    Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more

    Affected Products : docmost
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-65368

    SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.... Read more

    Affected Products : sparkyfitness
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-61937

    The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the  model application server.... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-61943

    The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in com... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-64691

    The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-64729

    The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-65117

    The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphica... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-65118

    The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Mode... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-64769

    The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.... Read more

    Affected Products : process_optimization
    • Published: Jan. 16, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2021-47780

    Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables th... Read more

    Affected Products : macro_expert
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2021-47805

    Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious exec... Read more

    Affected Products : disksavvy
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2021-47794

    ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command ... Read more

    Affected Products : zeslecp
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2021-47815

    Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application cr... Read more

    Affected Products : nsauditor
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-67822

    A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A suc... Read more

    Affected Products : mivoice_mx-one
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-66417

    GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.... Read more

    Affected Products : glpi
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-64516

    GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an a... Read more

    Affected Products : glpi
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026

  • 9.1

    CRITICAL
    CVE-2025-67647

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.... Read more

    Affected Products : sveltekit adapter-node kit
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.2

    HIGH
    CVE-2026-22803

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafte... Read more

    Affected Products : sveltekit kit
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-67077

    File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.... Read more

    Affected Products : agora-project
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-67076

    Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.... Read more

    Affected Products : agora-project
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4674 Results