Latest CVE Feed
-
8.2
HIGHCVE-2026-21898
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21897
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-61550
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rende... Read more
Affected Products : print_shop_pro_webdesk- Published: Jan. 08, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-69221
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for t... Read more
Affected Products : librechat- Published: Jan. 07, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2026-21899
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
6.0
MEDIUMCVE-2026-22027
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-69220
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of ar... Read more
Affected Products : librechat- Published: Jan. 07, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-20873
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20874
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.5
HIGHCVE-2026-20875
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
9.1
CRITICALCVE-2025-69222
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure a... Read more
Affected Products : librechat- Published: Jan. 07, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Server-Side Request Forgery
-
6.7
MEDIUMCVE-2026-20876
Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
9.8
CRITICALCVE-2026-0643
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote expl... Read more
- Published: Jan. 07, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-20877
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20918
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.5
HIGHCVE-2026-20919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20920
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
8.7
HIGHCVE-2026-22200
Enhancesoft osTicket versions 1.18.3 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently... Read more
Affected Products : osticket- Published: Jan. 12, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2026-21921
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequent... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-21920
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service