Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-58741

    Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-0903

    Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-33231

    NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability mig... Read more

    Affected Products : cuda_toolkit
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2026-0908

    Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2026-21928

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. ... Read more

    Affected Products : solaris
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 7.2

    HIGH
    CVE-2025-58743

    Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector C... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-58080

    A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to t... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2026-1045

    The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-57156

    NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-58090

    Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-1223

    PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web fro... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-54814

    A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2026-0905

    Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2026-1203

    A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to im... Read more

    Affected Products : crmeb
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-36556

    A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigg... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-53912

    An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2026-21946

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026

  • 6.1

    MEDIUM
    CVE-2025-54157

    A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL t... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-59466

    We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the cra... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59465

    A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of servic... Read more

    Affected Products : node.js
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4608 Results