Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2026-22912

    Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2026-22913

    Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-22914

    An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-37179

    Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more

    Affected Products : arubaos
    • Published: Jan. 13, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-22915

    An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Path Traversal

  • 4.5

    MEDIUM
    CVE-2026-21883

    Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if app... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2026-22916

    An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-22917

    Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-37168

    Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary ... Read more

    Affected Products : arubaos
    • Published: Jan. 13, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-70968

    FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().... Read more

    Affected Products : freeimage
    • Published: Jan. 14, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-21889

    Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vuln... Read more

    Affected Products : weblate
    • Published: Jan. 14, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-63644

    A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.... Read more

    Affected Products : ph7_social_dating_builder
    • Published: Jan. 14, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-14556

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.... Read more

    Affected Products : flag
    • Published: Jan. 14, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-14557

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.... Read more

    Affected Products : facebook_pixel
    • Published: Jan. 14, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-71074

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on fu... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Race Condition

  • 8.9

    HIGH
    CVE-2026-21441

    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform de... Read more

    Affected Products : urllib3
    • Published: Jan. 07, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-56425

    An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.... Read more

    Affected Products : enaio
    • Published: Jan. 08, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-56225

    fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more

    Affected Products : fluidsynth
    • Published: Jan. 09, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-63314

    A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.... Read more

    Affected Products : cm3_acora_cms
    • Published: Jan. 12, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-65552

    D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF ran... Read more

    Affected Products : xz-g12_firmware xz-g12
    • Published: Jan. 12, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cryptography
Showing 20 of 4390 Results