Latest CVE Feed
-
9.8
CRITICALCVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packet... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2023-54328
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's reg... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2022-50937
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2026-20811
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20810
Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20809
Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.0
HIGHCVE-2026-20808
Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.7
HIGHCVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.5
HIGHCVE-2026-0386
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-20953
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-20952
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20950
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20955
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20956
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20957
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.1
MEDIUMCVE-2026-22198
GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an ... Read more
Affected Products : gestsup- Published: Jan. 09, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2026-22197
GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowi... Read more
Affected Products : gestsup- Published: Jan. 09, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
8.1
HIGHCVE-2026-22196
GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated at... Read more
Affected Products : gestsup- Published: Jan. 09, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
8.1
HIGHCVE-2026-22195
GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate datab... Read more
Affected Products : gestsup- Published: Jan. 09, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
4.4
MEDIUMCVE-2026-20962
Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026