Latest CVE Feed
-
5.5
MEDIUMCVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. D... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20839
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +7 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-20838
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2025-64422
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting with version 4.0.0-beta.434, the /login endpoint advertises a rate limit of 5 requests but can be trivially bypassed by rotating the X... Read more
Affected Products : coolify- Published: Jan. 05, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-28164
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-41768
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-14369
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to per... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20937
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
5.5
MEDIUMCVE-2025-33237
NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.... Read more
Affected Products : geforce- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-1170
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotel... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-22250
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.... Read more
Affected Products : wlc- Published: Jan. 12, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-21674
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20939
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
5.5
MEDIUMCVE-2026-20835
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-1172
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack ... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-1171
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-1736
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable asse... Read more
Affected Products : open5gs- Published: Feb. 02, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20833
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2025-15531
A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is... Read more
Affected Products : open5gs- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-24846
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a s... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Supply Chain