Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2026-20823

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20939

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20829

    Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20862

    Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-20835

    Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026

  • 5.5

    MEDIUM
    CVE-2026-21301

    Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-68915

    Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.... Read more

    Affected Products : netman_208
    • Published: Dec. 24, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2026-21303

    Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of thi... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-22231

    OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-66866

    An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-69261

    WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15128

    A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_pa... Read more

    Affected Products : biotime
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2026-21674

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15154

    A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of le... Read more

    Affected Products : pbootcms
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-15417

    A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack mus... Read more

    Affected Products : open5gs
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-15418

    A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-46288

    A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-46292

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-14421

    pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required... Read more

    Affected Products : pdf_architect
    • Published: Dec. 23, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2026-21499

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been... Read more

    Affected Products : iccdev
    • Published: Jan. 07, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: XML External Entity
Showing 20 of 4620 Results