Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2026-20075

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of ... Read more

    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-70310

    A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-22774

    Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to de... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-52987

    A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2026-23496

    Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Conf... Read more

    Affected Products : pimcore
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2021-47801

    Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads th... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14231

    Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP67... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-12957

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitizat... Read more

    Affected Products : all-in-one_video_gallery
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-67647

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.... Read more

    Affected Products : sveltekit
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-67246

    A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures con... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2021-47803

    iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with Loc... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-66417

    GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.... Read more

    Affected Products : glpi
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2021-47805

    Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious exec... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-64729

    The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-14822

    Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens... Read more

    Affected Products : mattermost_server
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-67079

    File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2026-21906

    An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2021-47782

    Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-65349

    A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SS... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2026-22249

    Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more

    Affected Products : docmost
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal
Showing 20 of 4231 Results