Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2026-0943

    HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-20... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-0915

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured D... Read more

    Affected Products : glibc
    • Published: Jan. 15, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2026-0904

    Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-0903

    Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2026-0902

    Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-0610

    SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12... Read more

    Affected Products : devolutions_server
    • Published: Jan. 19, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68616

    WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (s... Read more

    Affected Products : weasyprint
    • Published: Jan. 19, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-67824

    The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.1-jira9, 4.24.1-jira10, and 4.24.1-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. ... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-65482

    An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-64155

    An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6... Read more

    Affected Products : fortisiem
    • Published: Jan. 13, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-64087

    A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-59355

    A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive inf... Read more

    Affected Products : linkis
    • Published: Jan. 19, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-56353

    In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription reques... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-36419

    IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-36418

    IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-36411

    IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 3.1

    LOW
    CVE-2025-36410

    IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-36409

    IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-36408

    IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-36397

    IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4191 Results