Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2026-1196

    A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The a... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2026-23742

    Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example t... Read more

    Affected Products : skipper
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2026-23875

    CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious cont... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-23625

    OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for e... Read more

    Affected Products : openproject
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-22865

    Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled.... Read more

    Affected Products : gradle
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-15532

    A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released... Read more

    Affected Products : open5gs
    • Published: Jan. 17, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2019-25297

    Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated att... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-23843

    teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offe... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2026-1112

    A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Per... Read more

    Affected Products : publiccms
    • Published: Jan. 18, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-1107

    A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attac... Read more

    Affected Products : eyoucms
    • Published: Jan. 18, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2026-0863

    Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by... Read more

    Affected Products : n8n
    • Published: Jan. 18, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-23848

    MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Att... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-14450

    The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. This make... Read more

    Affected Products :
    • Published: Jan. 17, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2026-1007

    Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.... Read more

    Affected Products : devolutions_server
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-29847

    A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass... Read more

    Affected Products : linkis
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2026-23626

    Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the... Read more

    Affected Products : kimai
    • Published: Jan. 18, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2026-0518

    CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.... Read more

    Affected Products : secure_access
    • Published: Jan. 17, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-1133

    A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack... Read more

    Affected Products : ksoa
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-23842

    ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocati... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2026-1136

    A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title cause... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4453 Results