Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2026-24130

    Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. Th... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-22353

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.... Read more

    Affected Products : teachpress
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-25051

    An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2026-23831

    Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function vali... Read more

    Affected Products : rekor
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Supply Chain

  • 6.0

    MEDIUM
    CVE-2025-9290

    An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adopti... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2026-21227

    Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_logic_apps
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026

  • 7.8

    HIGH
    CVE-2025-15059

    GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha... Read more

    Affected Products : gimp
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2026-0534

    A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc... Read more

    Affected Products : fusion
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2026-24132

    Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generate... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-24138

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can ... Read more

    Affected Products : fogproject
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2026-23954

    Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-14751

    A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.... Read more

    Affected Products : cmt-ctrl01_firmware
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2026-24304

    Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_resource_manager
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026

  • 7.4

    HIGH
    CVE-2026-21521

    Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_word_copilot
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026

  • 9.4

    CRITICAL
    CVE-2025-54816

    This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2026-22468

    Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2026-0533

    A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor ma... Read more

    Affected Products : fusion
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-23762

    VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively)... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53968

    This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2026-24129

    Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacte... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection
Showing 20 of 4558 Results