Latest CVE Feed
-
0.0
NACVE-2025-71081
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails ... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2026-0684
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated at... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-71082
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allo... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68787
In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_output(), the original skb is not freed, which was allo... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71067
In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to read boot_block when mounting When mounting, sb->s_blocksize is used to read the boot_block without being defined or validated. Set a dummy blocksize before... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-71095
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below. [ 216.122464] Unable to handle ... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-20921
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20920
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.0
HIGHCVE-2026-20869
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.2
HIGHCVE-2025-37169
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating syste... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2026-20856
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20866
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.0
HIGHCVE-2026-20931
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.5
HIGHCVE-2026-20848
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20832
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.7
HIGHCVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20870
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.5
HIGHCVE-2025-25652
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2026-20834
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026