Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-15443

    A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to sql injection. The attack may be launched remotely. The exploi... Read more

    Affected Products : crmeb
    • Published: Jan. 04, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-15392

    A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to ... Read more

    Affected Products : kodicms
    • Published: Dec. 31, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-61037

    A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, which runs with SYSTEM privileges... Read more

    Affected Products : ec2007_kernel orca_g2
    • Published: Dec. 31, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2026-20816

    Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.0

    HIGH
    CVE-2026-20815

    Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.0

    HIGH
    CVE-2026-20814

    Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.5

    HIGH
    CVE-2025-61557

    nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.... Read more

    Affected Products : nixseparatedebuginfod
    • Published: Dec. 30, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-20812

    Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 6.4

    MEDIUM
    CVE-2026-21265

    Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid comprom... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 9.8

    CRITICAL
    CVE-2025-34468

    libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote a... Read more

    Affected Products : libcoap
    • Published: Dec. 31, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2026-21219

    Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more

    Affected Products : windows_software_development_kit
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 8.9

    HIGH
    CVE-2026-22609

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Supply Chain

  • 6.1

    MEDIUM
    CVE-2023-54341

    Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, all... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-54339

    Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, suc... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2023-54337

    Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an applicat... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-54335

    eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerab... Read more

    Affected Products : extplorer
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-54334

    Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characte... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-54330

    Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targe... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-54329

    Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packet... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-54328

    AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's reg... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4506 Results