Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-22487

    Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-22486

    Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-21639

    A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earli... Read more

    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-21638

    A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB... Read more

    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-0671

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1... Read more

    Affected Products : mediawiki-extensions-uploadwizard
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-61550

    Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rende... Read more

    Affected Products : print_shop_pro_webdesk
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61549

    Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HTML encod... Read more

    Affected Products : print_shop_pro_webdesk
    • Published: Jan. 08, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-61548

    SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries wi... Read more

    Affected Products : print_shop_pro_webdesk
    • Published: Jan. 08, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-61547

    Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick aut... Read more

    Affected Products : print_shop_pro_webdesk
    • Published: Jan. 08, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-61546

    There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This ... Read more

    Affected Products : print_shop_pro_webdesk
    • Published: Jan. 08, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-61246

    indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.... Read more

    Affected Products : online_shopping_system
    • Published: Jan. 08, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-59470

    This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-59469

    This vulnerability allows a Backup or Tape Operator to write files as root.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-59468

    This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-56425

    An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.... Read more

    Affected Products : enaio
    • Published: Jan. 08, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-56424

    An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script... Read more

    Affected Products : e-invoice_pro
    • Published: Jan. 08, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-55125

    This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jan. 08, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-50334

    An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component... Read more

    Affected Products : dnsserver
    • Published: Jan. 08, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-22255

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT:... Read more

    Affected Products : iccdev
    • Published: Jan. 08, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-22246

    Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users ... Read more

    Affected Products : mastodon
    • Published: Jan. 08, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4394 Results