Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2026-0775

    npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged co... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 5.3

    MEDIUM
    CVE-2026-24607

    Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2026-24594

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Buil... Read more

    Affected Products : wpbakery_page_builder_addons
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-24609

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-0770

    Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required ... Read more

    Affected Products : langflow
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2026-24595

    Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2026-0760

    Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authenticatio... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 6.5

    MEDIUM
    CVE-2026-24585

    Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-24550

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-24636

    Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.10.1.... Read more

    Affected Products : sugar_calendar
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24589

    Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-24635

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-66720

    Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2026-22275

    Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabili... Read more

    Affected Products : objectscale
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2025-4319

    Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affect... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2026-24631

    Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through <= 1.4.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2026-24572

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2026-0794

    ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to expl... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2026-24596

    Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2026-24555

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1.... Read more

    Affected Products : artplacer_widget
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4260 Results