Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.5

MEDIUM

CVE-2026-20819

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally....

Affected Products : windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_2h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
6.2

MEDIUM

CVE-2026-20818

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20817

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
0.0

NA

CVE-2026-23512

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advance...

Affected Products :
Published: Jan. 14, 2026

Modified: Jan. 14, 2026

Vuln Type: Misconfiguration
7.2

HIGH

CVE-2025-15443

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to sql injection. The attack may be launched remotely. The exploi...

Affected Products : crmeb
Published: Jan. 04, 2026

Modified: Jan. 14, 2026

Vuln Type: Injection
8.8

HIGH

CVE-2025-15392

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to ...

Affected Products : kodicms
Published: Dec. 31, 2025

Modified: Jan. 14, 2026

Vuln Type: Injection
7.0

HIGH

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, which runs with SYSTEM privileges...

Affected Products : ec2007_kernel orca_g2
Published: Dec. 31, 2025

Modified: Jan. 14, 2026

Vuln Type: Race Condition
7.8

HIGH

CVE-2026-20816

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.0

HIGH

CVE-2026-20815

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.0

HIGH

CVE-2026-20814

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.5

HIGH

CVE-2025-61557

nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal....

Affected Products : nixseparatedebuginfod
Published: Dec. 30, 2025

Modified: Jan. 14, 2026

Vuln Type: Path Traversal
6.5

MEDIUM

CVE-2026-20812

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
9.8

CRITICAL

CVE-2026-22184

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call...

Affected Products : zlib
Published: Jan. 07, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
5.5

MEDIUM

CVE-2026-0961

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

Affected Products :
Published: Jan. 14, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
6.4

MEDIUM

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid comprom...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.3

MEDIUM

CVE-2026-0962

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

Affected Products :
Published: Jan. 14, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
4.7

MEDIUM

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

Affected Products :
Published: Jan. 14, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
5.3

MEDIUM

CVE-2026-0959

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

Affected Products :
Published: Jan. 14, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
9.8

CRITICAL

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote a...

Affected Products : libcoap
Published: Dec. 31, 2025

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.0

HIGH

CVE-2026-21219

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_software_development_kit
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Showing 20 of 4654 Results

Browse by Apps

Latest CVE Feed

5.5

6.2

7.8

0.0

7.2

8.8

7.0

7.8

7.0

7.0

7.5

6.5

9.8

5.5

6.4

5.3

4.7

5.3

9.8

7.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable