Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-46685

    Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of pri... Read more

    Affected Products : supportassist_os_recovery
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 6.2

    MEDIUM
    CVE-2026-20818

    Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20809

    Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 9.8

    CRITICAL
    CVE-2020-36911

    Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitra... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2026-20828

    Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20858

    Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 3.5

    LOW
    CVE-2025-58409

    Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-68658

    Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An authent... Read more

    Affected Products : open_source_point_of_sale
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-0528

    Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper s... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2026-20835

    Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 6.5

    MEDIUM
    CVE-2026-0530

    Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume s... Read more

    Affected Products : kibana
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2026-20859

    Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2025-37186

    A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privi... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-20919

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.2

    HIGH
    CVE-2025-59922

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClie... Read more

    Affected Products : forticlientems
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-22861

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe()... Read more

    Affected Products : iccdev
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-20955

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.8

    HIGH
    CVE-2026-20948

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026

  • 7.1

    HIGH
    CVE-2026-22870

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip... Read more

    Affected Products : guarddog
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-0531

    Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer rol... Read more

    Affected Products : kibana
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4690 Results