Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.4

HIGH

CVE-2026-20944

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.5

HIGH

CVE-2026-20965

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20874

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20924

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.2

HIGH

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Cryptography
7.5

HIGH

CVE-2026-20921

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
3.5

LOW

CVE-2025-58409

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU...

Affected Products : ddk
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
5.3

MEDIUM

CVE-2025-62182

Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file....

Affected Products : infinity
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Misconfiguration
6.5

MEDIUM

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authorization
6.6

MEDIUM

CVE-2026-22791

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host p...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.5

HIGH

CVE-2026-21226

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network....

Affected Products : azure_core_shared_client_library_for_python
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.2

HIGH

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network....

Affected Products : sql_server_2022
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.5

HIGH

CVE-2025-37166

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
7.8

HIGH

CVE-2026-20948

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 sharepoint_server_2019 office_2024 office_2021 office_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
6.2

MEDIUM

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally....

Affected Products : windows_11_23h2 windows_11_24h2 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.5

MEDIUM

CVE-2026-20939

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20923

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20946

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
6.5

MEDIUM

CVE-2026-20925

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.5

HIGH

CVE-2026-20926

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Showing 20 of 4421 Results

Browse by Apps

Latest CVE Feed

8.4

7.5

7.8

7.8

8.2

7.5

3.5

5.3

6.5

6.6

7.5

7.2

7.5

7.8

6.2

5.5

7.8

7.8

6.5

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable