Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2026-22222

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, result... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2026-22221

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulti... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2026-0631

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, res... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2026-0630

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, result... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2026-1770

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox ... Read more

    Affected Products : craftercms
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2026-1232

    A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections,... Read more

    Affected Products : privilege_management_for_windows
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-47402

    Transient DOS when processing a received frame with an excessively large authentication information element.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-47399

    Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47398

    Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47397

    Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-47366

    Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-47364

    Memory corruption while calculating offset from partition start point.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-47363

    Memory corruption when calculating oversized partition sizes without proper checks.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47359

    Memory Corruption when multiple threads simultaneously access a memory free API.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47358

    Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-15395

    IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.... Read more

    Affected Products : jazz_foundation
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-14914

    IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 2.0

    LOW
    CVE-2026-1703

    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executabl... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2022-50981

    An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2022-50980

    A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4428 Results