Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2025-5319 — SQLi in Emit Informatics' DIGITA Efficiency Management System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Man…

Remote | Injection
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
7.5 HIGH
CVE-2025-14550 — Potential denial-of-service vulnerability via repeated headers when using ASGI

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multipl…

django | Remote | Denial of Service
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
5.3 MEDIUM
CVE-2025-13473 — Username enumeration through timing difference in mod_wsgi authentication handler

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows re…

django | Remote | Authentication
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
8.5 HIGH
CVE-2020-37102 — Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path

Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the u…

| Misconfiguration
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
8.5 HIGH
CVE-2020-37101 — VPN unlimited 6.1 - Unquoted Service Path

VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in …

| Misconfiguration
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
8.5 HIGH
CVE-2020-37100 — Sync Breeze Enterprise 12.4.18 - Unquoted Service Path

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquote…

syncbreeze | Misconfiguration
Feb 03, 2026 Feb 20, 2026
Feb 03, 2026
Feb 20, 2026
8.5 HIGH
CVE-2020-37099 — Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path

Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the…

| Misconfiguration
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
8.5 HIGH
CVE-2020-37098 — Disk Sorter Enterprise 12.4.16 - Unquoted Service Path

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquote…

disk_sorter | Misconfiguration
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
8.5 HIGH
CVE-2019-25261 — AnyDesk 5.4.0 - Unquoted Service Path

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the u…

anydesk | Misconfiguration
Feb 03, 2026 Feb 25, 2026
Feb 03, 2026
Feb 25, 2026
7.6 HIGH
CVE-2025-7760 — Reflected XSS in Ofisimo's Association Web Package Flora

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through H…

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
8.6 HIGH
CVE-2025-6397 — XSS in Ankara Hosting's web site

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Web…

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
6.9 MEDIUM
CVE-2026-1664 — Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `Re…

Remote | Authorization
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
9.3 CRITICAL
CVE-2026-1432 — SQL injection (SQLi) on the Buroweb platform

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user …

buroweb | Remote | Injection
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
1.0 LOW
CVE-2025-11598 — Exposure of Confidential Information in mObywatel application

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopen…

| Information Disclosure
Feb 03, 2026 Feb 03, 2026
Feb 03, 2026
Feb 03, 2026
5.3 MEDIUM
CVE-2025-67857 — Moodle: moodle: data exposure of user identifiers in urls

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, comp…

moodle | Remote | Information Disclosure
Feb 03, 2026 Feb 11, 2026
Feb 03, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2025-67856 — Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This c…

moodle | Remote | Authorization
Feb 03, 2026 Feb 26, 2026
Feb 03, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2025-67855 — Mooodle: mooodle: information disclosure and script execution via reflected cross-site sc…

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitizati…

moodle | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 11, 2026
Feb 03, 2026
Feb 11, 2026
7.5 HIGH
CVE-2025-67853 — Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation ema…

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess use…

moodle | Remote | Authentication
Feb 03, 2026 Feb 11, 2026
Feb 03, 2026
Feb 11, 2026
6.1 MEDIUM
CVE-2025-67852 — Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to mal…

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. …

moodle | Remote | Misconfiguration
Feb 03, 2026 Feb 11, 2026
Feb 03, 2026
Feb 11, 2026
7.8 HIGH
CVE-2025-67851 — Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data e…

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, w…

moodle | Injection
Feb 03, 2026 Feb 11, 2026
Feb 03, 2026
Feb 11, 2026
Showing 20 of 5263 Results