Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2026-21921

    A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequent... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-70892

    Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-70893

    A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authe... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-21920

    An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives ... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-48077

    An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock an... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-59960

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Den... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2026-22249

    Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more

    Affected Products : docmost
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-14235

    Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-21905

    A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending spec... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2026-21918

    A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP s... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-21914

    An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2021-47794

    ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command ... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-52987

    A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-59959

    An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show ro... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-60011

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream d... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-65368

    SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-70890

    A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and ex... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-60007

    A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' comma... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-15265

    An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. This enables r... Read more

    Affected Products : svelte
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-20894

    Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web bro... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4287 Results