Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2026-22803

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafte... Read more

    Affected Products : sveltekit kit
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-0960

    HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Jan. 14, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-3950

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset ... Read more

    Affected Products : gitlab
    • Published: Jan. 09, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2026-22794

    Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email... Read more

    Affected Products : appsmith
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2026-22799

    Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing a... Read more

    Affected Products : emlog
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2026-22789

    WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, ... Read more

    Affected Products : wem
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2026-22788

    WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read bu... Read more

    Affected Products : wem
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2026-22695

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read... Read more

    Affected Products : libpng
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-22801

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_... Read more

    Affected Products : libpng
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-22870

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip... Read more

    Affected Products : guarddog
    • Published: Jan. 13, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-22871

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction d... Read more

    Affected Products : guarddog
    • Published: Jan. 13, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-0959

    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Jan. 14, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-0961

    BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Jan. 14, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 4.5

    MEDIUM
    CVE-2026-22800

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a ... Read more

    Affected Products : pilos
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-68658

    Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An authent... Read more

    Affected Products : open_source_point_of_sale
    • Published: Jan. 13, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2024-58339

    LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prom... Read more

    Affected Products : llamaindex
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2024-58340

    LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regul... Read more

    Affected Products : langchain
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-15514

    Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to valid... Read more

    Affected Products : ollama
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-22213

    RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using ... Read more

    Affected Products : riot
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-22214

    RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() funct... Read more

    Affected Products : riot
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4392 Results