Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2026-24768

    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authenticatio... Read more

    Affected Products : nocodb
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2026-1399

    The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authent... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Scripting

  • 2.9

    LOW
    CVE-2026-23553

    In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Co... Read more

    Affected Products : xen
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2023-37525

    A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2020-37015

    Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2020-37016

    BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executab... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2020-36997

    BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, poten... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-1532

    A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The a... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-57795

    Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2026-24775

    OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work ... Read more

    Affected Products : openproject
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.8

    MEDIUM
    CVE-2026-1533

    A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote... Read more

    Affected Products : online_music_site
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2026-23563

    Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafte... Read more

    Affected Products : digital_employee_experience
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2020-36987

    Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2020-36961

    10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Str... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2020-36944

    ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file c... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.8

    HIGH
    CVE-2025-33217

    NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and informat... Read more

    Affected Products : geforce tesla
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2026-25067

    SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without va... Read more

    Affected Products : smartermail
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-33218

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d... Read more

    Affected Products : geforce tesla
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-13905

    CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon s... Read more

    Affected Products : ecostruxure_process_expert
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2020-36992

    Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially r... Read more

    Affected Products : nordvpn
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4264 Results