Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2026-21278

    InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this... Read more

    Affected Products : macos windows indesign
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-68915

    Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.... Read more

    Affected Products : netman_208
    • Published: Dec. 24, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-69261

    WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21495

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been p... Read more

    Affected Products : iccdev
    • Published: Jan. 07, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-22703

    Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signat... Read more

    Affected Products : cosign
    • Published: Jan. 10, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Supply Chain

  • 5.5

    MEDIUM
    CVE-2025-15128

    A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_pa... Read more

    Affected Products : biotime
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-15154

    A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of le... Read more

    Affected Products : pbootcms
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-9435

    Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2026-21301

    Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products : substance_3d_modeler
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20833

    Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2025-15082

    A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is pos... Read more

    Affected Products :
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-20937

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2025-68276

    Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LO... Read more

    Affected Products : avahi
    • Published: Jan. 12, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20805

    Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.... Read more

    • Actively Exploited
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2026-20823

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2025-14957

    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of t... Read more

    Affected Products : binaryen
    • Published: Dec. 19, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-20838

    Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2026-20824

    Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 5.5

    MEDIUM
    CVE-2025-46278

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-43475

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4612 Results