Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-23009

    In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is running and has a valid transfer rin... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-13920

    The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses f... Read more

    Affected Products : wp_directory_kit
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2026-1284

    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT fi... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2026-1084

    The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-23004

    In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in lis... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2025-59107

    Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract th... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-24401

    Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive ... Read more

    Affected Products : avahi
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23013

    In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rol... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23010

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2021-47895

    Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event De... Read more

    Affected Products : nsauditor
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 2.0

    LOW
    CVE-2026-1407

    A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclosure. The attack may be carried out on the physical devic... Read more

    Affected Products :
    • Published: Jan. 25, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2021-47898

    Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated sy... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-59102

    The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs ... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2026-1189

    The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_id' parameter of the 'leadbi_form' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2026-1302

    The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2026-1098

    The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-1208

    The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2026-0593

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possi... Read more

    Affected Products : wp_go_maps
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24405

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input... Read more

    Affected Products : iccdev
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2026-24404

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs whe... Read more

    Affected Products : iccdev
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4382 Results