Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2026-20953

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 8.4

    HIGH
    CVE-2026-20952

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20950

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20955

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20956

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20957

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 8.8

    HIGH
    CVE-2019-25254

    KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin... Read more

    Affected Products : net_admin
    • Published: Dec. 24, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2019-25253

    KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more

    Affected Products : net_admin
    • Published: Dec. 24, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2026-22198

    GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an ... Read more

    Affected Products : gestsup
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-66866

    An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2026-22197

    GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowi... Read more

    Affected Products : gestsup
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-66865

    An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66864

    An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66863

    An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2026-22196

    GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated at... Read more

    Affected Products : gestsup
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2026-22195

    GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate datab... Read more

    Affected Products : gestsup
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-66862

    A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2025-66861

    An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.... Read more

    Affected Products : binutils
    • Published: Dec. 29, 2025
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2026-20962

    Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-21287

    Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4687 Results