Latest CVE Feed
-
7.8
HIGHCVE-2026-20811
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20839
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20822
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2025-8090
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-46685
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of pri... Read more
Affected Products : supportassist_os_recovery- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-20826
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20833
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20935
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.3
MEDIUMCVE-2025-37178
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
3.5
LOWCVE-2025-58409
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU... Read more
Affected Products : ddk- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-62182
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.... Read more
Affected Products : infinity- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
8.9
HIGHCVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-37170
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a priv... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-37176
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious ac... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64155
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6... Read more
Affected Products : fortisiem- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
7.0
HIGHCVE-2026-20808
Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20857
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20859
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20922
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20821
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026