Latest CVE Feed
-
6.5
MEDIUMCVE-2025-58693
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via craf... Read more
Affected Products : fortivoice- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-20965
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.0
HIGHCVE-2026-21219
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_software_development_kit- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20949
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-21224
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_connected_machine_agent- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.6
MEDIUMCVE-2025-46684
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tamp... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-20925
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20935
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-20944
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-21274
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measu... Read more
Affected Products : dreamweaver- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-20867
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20865
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.8
HIGHCVE-2026-20868
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20874
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20837
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-20835
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20851
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20820
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20861
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026