Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-24130

    Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. Th... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2026-21264

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 7.4

    HIGH
    CVE-2026-21521

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 8.2

    HIGH
    CVE-2026-21227

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 9.3

    CRITICAL
    CVE-2026-24307

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 9.3

    CRITICAL
    CVE-2026-24305

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 7.4

    HIGH
    CVE-2026-21524

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 9.8

    CRITICAL
    CVE-2026-24306

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 7.5

    HIGH
    CVE-2026-21520

    None... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026

  • 0.0

    NA
    CVE-2026-24129

    Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacte... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-54816

    This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-53968

    This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-55705

    This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-25051

    An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2026-24124

    Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. Th... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-67652

    An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the l... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-24117

    Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigge... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.1

    HIGH
    CVE-2026-24058

    Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user (including admin) by "offering" the victim's public key during the... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2026-23988

    Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Race Condition

  • 8.7

    HIGH
    CVE-2026-23954

    Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4572 Results