Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-22915

    An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-22914

    An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-22913

    Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-22912

    Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2026-22911

    Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-22910

    The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-22909

    Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2026-22908

    Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2026-22907

    An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2026-22637

    The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2026-0976

    A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2026-0713

    A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashbo... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2026-0712

    An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2026-20827

    Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 4.6

    MEDIUM
    CVE-2026-20828

    Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 5.5

    MEDIUM
    CVE-2026-20829

    Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 7.0

    HIGH
    CVE-2026-20830

    Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_server_2025
    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 9.8

    CRITICAL
    CVE-2026-0892

    Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox
    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2026-0891

    Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar... Read more

    Affected Products : firefox firefox_esr
    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-0889

    Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.... Read more

    Affected Products : firefox
    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4413 Results