Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-13453

    A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2026-0990

    A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this co... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2026-22694

    AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app cou... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 2.9

    LOW
    CVE-2026-0992

    A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by s... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2026-23498

    Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.... Read more

    Affected Products : shopware
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2026-0976

    A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2026-23512

    SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advance... Read more

    Affected Products : sumatrapdf
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-14448

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and o... Read more

    Affected Products : wp-members
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-71165

    Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper outpu... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2021-47758

    Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plu... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-14556

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-22915

    An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-13154

    An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.... Read more

    Affected Products : vantage
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-33206

    NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.... Read more

    Affected Products : nsight_graphics
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2021-47754

    Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.4

    HIGH
    CVE-2021-47775

    YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2026-0601

    A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.... Read more

    Affected Products : nexus_repository_manager
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2021-47772

    10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a rever... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2021-47764

    AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific inpu... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-13454

    A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4307 Results