Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.9

    HIGH
    CVE-2026-22869

    Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target ... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2026-22862

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.... Read more

    Affected Products : go_ethereum
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-47855

    An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTP... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-25652

    In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-71117

    In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath dr... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-71110

    In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free(). On ARM64 with MTE (M... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2022-50896

    Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaS... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9142

    A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-71126

    In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-13175

    Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow c... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-71140

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71143

    In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-12050

    The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-12053

    The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14301

    The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authenticati... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-12178

    The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2022-50909

    Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands tha... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2023-54336

    Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inj... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-15376

    The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_for_comments' and 'delete_stopwords_for_comments' function... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.4

    MEDIUM
    CVE-2026-0680

    The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4364 Results