Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.2

HIGH

CVE-2026-22818

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification whe...

Affected Products : hono
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authentication
6.9

MEDIUM

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authentication
10.0

CRITICAL

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a ...

Affected Products : cosmos
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Injection
7.5

HIGH

CVE-2025-37166

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
6.1

MEDIUM

CVE-2026-0407

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authentication
7.8

HIGH

CVE-2026-20918

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20924

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.3

MEDIUM

CVE-2025-37179

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.2

HIGH

CVE-2025-37172

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a priv...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Injection
5.1

MEDIUM

CVE-2025-15056

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3....

Affected Products : quill
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Cross-Site Scripting
7.8

HIGH

CVE-2026-20949

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 office_2024 office_2021
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
6.6

MEDIUM

CVE-2026-22791

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host p...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2026-20941

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.3

MEDIUM

CVE-2025-68949

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source ...

Affected Products : n8n
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Misconfiguration
7.0

HIGH

CVE-2026-20943

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office sharepoint_server sharepoint_server_2016 office_2016 sharepoint_server_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20940

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2012_r2 +2 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
4.3

MEDIUM

CVE-2026-20936

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.5

HIGH

CVE-2026-20854

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20864

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.0

HIGH

CVE-2026-20863

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Showing 20 of 4510 Results

Browse by Apps

Latest CVE Feed

8.2

6.9

10.0

7.5

6.1

7.8

7.8

5.3

7.2

5.1

7.8

6.6

7.8

5.3

7.0

7.8

4.3

7.5

7.8

7.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable