Latest CVE Feed
-
5.5
MEDIUMCVE-2026-1170
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotel... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-15504
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The... Read more
Affected Products : lief- Published: Jan. 10, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-46306
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-28164
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-15539
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiate... Read more
Affected Products : open5gs- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-25061
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can caus... Read more
Affected Products : tcpflow- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20823
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-24857
`bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpa... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-1174
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remote... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-22795
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory r... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-23874
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version... Read more
Affected Products : imagemagick- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22250
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.... Read more
Affected Products : wlc- Published: Jan. 12, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-22808
fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authenticatio... Read more
Affected Products : fleet- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-1521
A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The ... Read more
Affected Products : open5gs- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20819
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-1171
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-41768
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-1587
A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiat... Read more
Affected Products : open5gs- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-28162
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing th... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22276
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, lead... Read more
Affected Products : objectscale- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure