Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-54329

    Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packet... Read more

    Affected Products : inbit_messenger
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-23847

    SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content que... Read more

    Affected Products : siyuan
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2026-23850

    SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.... Read more

    Affected Products : siyuan
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2023-54328

    AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's reg... Read more

    Affected Products : aimone_video_converter
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2022-50937

    Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user... Read more

    Affected Products : ametys
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-1685

    A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from rem... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2026-1684

    A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be e... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-1395

    Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contact... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-4027

    A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to ca... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2026-23851

    SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the ... Read more

    Affected Products : siyuan
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2022-50933

    Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be laun... Read more

    Affected Products : cain_\&_abel
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2026-23852

    SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api/attr/setBlockAt... Read more

    Affected Products : siyuan
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2022-50932

    Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests ... Read more

    Affected Products : command_center_rx
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2026-1144

    A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is no... Read more

    Affected Products : quickjs
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-1145

    A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out rem... Read more

    Affected Products : quickjs
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2022-50928

    BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporatio... Read more

    Affected Products : bluesoleilcs
    • Published: Jan. 13, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-22807

    vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing at... Read more

    Affected Products : vllm
    • Published: Jan. 21, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Supply Chain

  • 7.1

    HIGH
    CVE-2026-24779

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url ... Read more

    Affected Products : vllm
    • Published: Jan. 27, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.4

    HIGH
    CVE-2025-65098

    Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in thei... Read more

    Affected Products : typebot
    • Published: Jan. 22, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2026-1683

    A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remot... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4290 Results