Latest CVE Feed
-
5.3
MEDIUMCVE-2025-68949
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source ... Read more
Affected Products : n8n- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-68703
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixe... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cryptography
-
8.9
HIGHCVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
4.4
MEDIUMCVE-2026-22809
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter. This vulnerability is fixed in 1.29.0... Read more
Affected Products : tarteaucitronjs- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2026-20868
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.2
HIGHCVE-2025-37172
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a priv... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-62182
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.... Read more
Affected Products : infinity- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
8.2
HIGHCVE-2025-68704
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2026-20865
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20874
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.2
HIGHCVE-2026-22817
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected ... Read more
Affected Products : hono- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2026-20839
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.5
MEDIUMCVE-2026-20872
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.0
HIGHCVE-2026-20943
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server sharepoint_server_2016 office_2016 sharepoint_server_2019- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.5
HIGHCVE-2026-21226
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.... Read more
Affected Products : azure_core_shared_client_library_for_python- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
4.3
MEDIUMCVE-2026-20936
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.2
HIGHCVE-2026-22814
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignm... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-37175
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a p... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-20877
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20932
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026