Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-22639

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-11224

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validati... Read more

    Affected Products : gitlab
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2021-47765

    AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-0961

    BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2021-47766

    Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-b... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2021-47771

    RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the so... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-71165

    Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper outpu... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-13154

    An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.... Read more

    Affected Products : vantage
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2026-22908

    Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-67835

    Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-65397

    An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/imag... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-0959

    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2021-47755

    Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'file... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2021-47768

    ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML e... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-67082

    An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extra... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2026-22646

    Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be us... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2026-22858

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char... Read more

    Affected Products : freerdp
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2021-47769

    Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-70747

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-67084

    File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection
Showing 20 of 4040 Results