Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2026-20852

    Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 7.4

    HIGH
    CVE-2026-20853

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 7.5

    HIGH
    CVE-2026-20854

    Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 5.5

    MEDIUM
    CVE-2026-20823

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 5.5

    MEDIUM
    CVE-2026-20824

    Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 4.4

    MEDIUM
    CVE-2026-20825

    Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 7.8

    HIGH
    CVE-2026-20826

    Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026

  • 3.7

    LOW
    CVE-2026-22920

    The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cryptography

  • 3.8

    LOW
    CVE-2026-22919

    An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2026-22918

    An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-22917

    Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2026-22916

    An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-22915

    An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-22914

    An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-22913

    Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2026-22912

    Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2026-22911

    Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-22910

    The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-22909

    Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2026-22908

    Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 15, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4411 Results