Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2026-21857

    REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-21851

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.ex... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2026-21697

    axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the sha... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-69262

    pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables durin... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-62224

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026

  • 5.3

    MEDIUM
    CVE-2023-7333

    A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to versio... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2019-25284

    V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25280

    Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25277

    FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2019-25270

    SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to ... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-21694

    Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in versio... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2019-25291

    INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized sy... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2019-25290

    Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewal... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2019-25289

    SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to e... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-25282

    V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting ... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2019-25279

    FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuar... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2019-25278

    FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information ... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2019-25268

    NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by p... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2019-25259

    Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized acti... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2019-25231

    devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by insertin... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 5155 Results