Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2021-47767

    10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential p... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2021-47755

    Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'file... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2021-47754

    Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2021-47753

    phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system comma... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2021-47752

    AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladm... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-69259

    A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulner... Read more

    Affected Products : windows apex_central
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23519

    RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits no... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-69260

    A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.... Read more

    Affected Products : windows apex_central
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23511

    ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2024-48077

    An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock an... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2026-22597

    Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfil... Read more

    Affected Products : ghost
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2026-22596

    Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitr... Read more

    Affected Products : ghost
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2026-22595

    Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible... Read more

    Affected Products : ghost
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2026-20923

    Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 6.3

    MEDIUM
    CVE-2025-9014

    A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web p... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-70298

    GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-61973

    A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2026-22594

    Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.... Read more

    Affected Products : ghost
    • Published: Jan. 10, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-21874

    NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never r... Read more

    Affected Products : nicegui
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2026-21873

    NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross... Read more

    Affected Products : nicegui
    • Published: Jan. 08, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4402 Results