Latest CVE Feed
-
7.8
HIGHCVE-2025-20781
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101829... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-20780
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101840... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-20778
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2021-47879
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-20843
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2024-44238
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.... Read more
- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47343
Memory corruption while processing a video session to set video parameters.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware qcm6490_firmware wcd9370_firmware wcd9375_firmware fastconnect_6900_firmware fastconnect_7800_firmware fastconnect_6700_firmware qca0000_firmware wsa8840_firmware +40 more products- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20864
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2021-47886
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' t... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tam... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21486
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CI... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20870
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20957
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2025-12051
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-12050
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-12053
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20877
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-21678
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue ha... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2021-47887
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accou... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_... Read more
Affected Products : libpng- Published: Jan. 12, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Memory Corruption