Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11542

    Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.... Read more

    • Published: Dec. 22, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-15457

    A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is poss... Read more

    Affected Products : minicms
    • Published: Jan. 05, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-62004

    BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disco... Read more

    Affected Products : server_intrusion_protection
    • Published: Dec. 18, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-62003

    BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.... Read more

    Affected Products : server_intrusion_protection
    • Published: Dec. 18, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-62002

    BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single (possibly large) file without triggering detection if thresholds are configured to require multiple file changes.... Read more

    Affected Products : ransomware_containment
    • Published: Dec. 18, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-62001

    BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that av... Read more

    Affected Products : ransomware_containment
    • Published: Dec. 18, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12049

    Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other ope... Read more

    Affected Products : mp-01_firmware mp-01
    • Published: Dec. 22, 2025
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2026-20976

    Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.... Read more

    Affected Products : galaxy_store
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2026-20975

    Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.... Read more

    Affected Products : cloud
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-20969

    Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2026-20972

    Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.... Read more

    Affected Products : android
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2026-20971

    Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.... Read more

    Affected Products : android
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-20970

    Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.... Read more

    Affected Products : android
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2026-20968

    Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.... Read more

    Affected Products : android
    • Published: Jan. 09, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2026-21441

    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform de... Read more

    Affected Products : urllib3
    • Published: Jan. 07, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-69258

    A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected insta... Read more

    Affected Products : windows apex_central
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-0640

    A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has be... Read more

    Affected Products : ac23_firmware ac23
    • Published: Jan. 06, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-69259

    A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulner... Read more

    Affected Products : windows apex_central
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-69260

    A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.... Read more

    Affected Products : windows apex_central
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2026-22597

    Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfil... Read more

    Affected Products : ghost
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 4521 Results