Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2026-0913

    The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input s... Read more

    Affected Products : user_submitted_posts
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-66292

    DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-14375

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitizat... Read more

    Affected Products : wp_rss_aggregator
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-14853

    The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_settings_page function. This makes it possible for unauthentic... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-12957

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitizat... Read more

    Affected Products : all-in-one_video_gallery
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-62193

    Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-70307

    A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-13845

    CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2026-23766

    Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already e... Read more

    Affected Products : istio
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-67025

    Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2021-47797

    Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to tri... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-14233

    Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-20894

    Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web bro... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2026-21623

    Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2021-47800

    b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victi... Read more

    Affected Products : b2evolution
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.7

    HIGH
    CVE-2021-47795

    GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path trav... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2026-20940

    Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026

  • 5.5

    MEDIUM
    CVE-2026-20939

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026

  • 7.8

    HIGH
    CVE-2026-20938

    Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026

  • 5.5

    MEDIUM
    CVE-2026-20937

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026
Showing 20 of 4339 Results