Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2026-0879

    Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jan. 13, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2021-47753

    phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system comma... Read more

    Affected Products : cms
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-1178

    A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. ... Read more

    Affected Products : ksoa
    • Published: Jan. 19, 2026
    • Modified: Feb. 05, 2026

  • 9.8

    CRITICAL
    CVE-2026-22249

    Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more

    Affected Products : docmost
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-1589

    A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. ... Read more

    • Published: Jan. 29, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-20045

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unity Conne... Read more

    • Actively Exploited
    • Published: Jan. 21, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1594

    A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the argument detail leads to sql injection. Remote expl... Read more

    Affected Products : society_management_system
    • Published: Jan. 29, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-50892

    VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access ... Read more

    Affected Products : wallpaper_admin
    • Published: Jan. 13, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2026-1152

    A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be l... Read more

    Affected Products : mpay
    • Published: Jan. 19, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-14301

    The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authenticati... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2020-36962

    Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field t... Read more

    Affected Products : tendenci
    • Published: Jan. 28, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-69992

    phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.... Read more

    Affected Products : news_portal
    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-70892

    Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.... Read more

    Affected Products : cyber_cafe_management_system
    • Published: Jan. 15, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-36964

    YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buff... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2026-0821

    A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remote... Read more

    Affected Products : quickjs
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-10915

    The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2020-36967

    Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SE... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37162

    Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buff... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 07, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-37000

    Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, S... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14533

    The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes i... Read more

    Affected Products : advanced_custom_fields_extended
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization
Showing 20 of 4514 Results