Latest CVE Feed
-
5.5
MEDIUMCVE-2026-21303
Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of thi... Read more
Affected Products : substance_3d_modeler- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-37185
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful expl... Read more
Affected Products : edgeconnect_sd-wan_orchestrator- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-46306
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20932
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
5.5
MEDIUMCVE-2026-22250
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.... Read more
Affected Products : wlc- Published: Jan. 12, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-23951
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord wh... Read more
Affected Products : sumatrapdf- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-47369
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware +340 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-70310
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.... Read more
Affected Products : gpac- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22587
Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-1739
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out r... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20829
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-21496
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue ha... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-15539
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiate... Read more
Affected Products : open5gs- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20824
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-22276
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, lead... Read more
Affected Products : objectscale- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-9435
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module... Read more
Affected Products : manageengine_admanager_plus- Published: Jan. 13, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-20805
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Actively Exploited
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
5.5
MEDIUMCVE-2026-1736
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable asse... Read more
Affected Products : open5gs- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20839
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +7 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
5.5
MEDIUMCVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026