Latest CVE Feed
-
8.1
HIGHCVE-2026-20856
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20822
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20843
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.1
MEDIUMCVE-2026-0408
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-64155
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6... Read more
Affected Products : fortisiem- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-62182
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.... Read more
Affected Products : infinity- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-20860
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.1
MEDIUMCVE-2026-0407
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-20940
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2012_r2 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-21278
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this... Read more
Affected Products : indesign- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-37176
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious ac... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
3.5
LOWCVE-2025-58409
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU... Read more
Affected Products : ddk- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-20934
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-20953
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.5
HIGHCVE-2026-0386
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.4
MEDIUMCVE-2026-20958
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20858
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-20952
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026