Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2026-23622

    Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changi... Read more

    Affected Products : easyappointments
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-23494

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static... Read more

    Affected Products : pimcore
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2026-21913

    An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports ... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-64516

    GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an a... Read more

    Affected Products : glpi
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026

  • 7.5

    HIGH
    CVE-2026-22775

    Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to de... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2025-64691

    The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 8.9

    HIGH
    CVE-2026-23519

    RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits no... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2026-21917

    An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configure... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2026-22774

    Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to de... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2026-21912

    A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI comma... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2025-67647

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.... Read more

    Affected Products : sveltekit
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-9014

    A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web p... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-62193

    Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-21911

    An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over lab... Read more

    Affected Products : junos_os_evolved
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2021-47805

    Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious exec... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2021-47797

    Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to tri... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-70302

    A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-70298

    GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2026-0913

    The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input s... Read more

    Affected Products : user_submitted_posts
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-0203

    An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resultin... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service
Showing 20 of 3992 Results