Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2021-47771

    RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the so... Read more

    Affected Products : rdp_manager
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2021-47772

    10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a rever... Read more

    Affected Products : network_inventory_explorer
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2021-47773

    Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing maliciou... Read more

    Affected Products : power_core
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2021-47776

    Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRe... Read more

    Affected Products : umbraco_cms umbraco
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-67246

    A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures con... Read more

    Affected Products : ludashi_driver
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-70298

    GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70304

    A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-70305

    A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-70308

    An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-70309

    A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-70310

    A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.... Read more

    Affected Products : gpac
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-23768

    lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file... Read more

    Affected Products : lucy-xss-filter
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2026-23769

    lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.... Read more

    Affected Products : lucy-xss-filter
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2026-24423

    SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS comma... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2026-1299

    The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" wr... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2026-0798

    Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, pot... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2026-0672

    When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.... Read more

    Affected Products : python
    • Published: Jan. 20, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-71177

    LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-70899

    PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious we... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-67230

    Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Authorization
Showing 20 of 4334 Results