Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-23524

    Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instan... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-66686

    A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payloa... Read more

    Affected Products : perch
    • Published: Jan. 07, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-66838

    In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files,... Read more

    Affected Products : aris
    • Published: Jan. 07, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-66837

    A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware... Read more

    Affected Products : aris
    • Published: Jan. 07, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46070

    An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component... Read more

    Affected Products : botmanager
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-46068

    An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism... Read more

    Affected Products : director
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Supply Chain

  • 8.2

    HIGH
    CVE-2025-46067

    An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file... Read more

    Affected Products : director
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-46066

    An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges... Read more

    Affected Products : director
    • Published: Jan. 12, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23960

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-15455

    A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be c... Read more

    Affected Products : minicms
    • Published: Jan. 05, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-31964

    Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the loc... Read more

    • Published: Jan. 07, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2021-47794

    ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command ... Read more

    Affected Products : zeslecp
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2021-47815

    Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application cr... Read more

    Affected Products : nsauditor
    • Published: Jan. 16, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-36911

    In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is no... Read more

    Affected Products : android
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2026-23518

    Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly v... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2026-23517

    Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privile... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23526

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the ad... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23516

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a malic... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-23499

    Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Dep... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-22849

    Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to pe... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4285 Results