Latest CVE Feed
-
5.5
MEDIUMCVE-2025-68276
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LO... Read more
Affected Products : avahi- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21674
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22231
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-20829
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20823
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20819
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20937
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.... Read more
Affected Products : netman_208- Published: Dec. 24, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-21302
Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of thi... Read more
Affected Products : substance_3d_modeler- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21496
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue ha... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21497
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue h... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22233
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-22232
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-21288
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20939
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2025-15449
A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName ... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-0731
A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carrie... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20932
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-21301
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more
Affected Products : substance_3d_modeler- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service