Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.2

MEDIUM

CVE-2026-20818

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.0

HIGH

CVE-2026-20863

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20877

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.1

HIGH

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip...

Affected Products : guarddog
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
6.5

MEDIUM

CVE-2026-0530

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume s...

Affected Products : kibana
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
6.5

MEDIUM

CVE-2026-0531

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer rol...

Affected Products : kibana
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
7.8

HIGH

CVE-2026-20923

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.5

MEDIUM

CVE-2026-20932

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20941

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20864

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.2

HIGH

CVE-2025-37175

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a p...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authentication
7.2

HIGH

CVE-2025-59922

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClie...

Affected Products : forticlientems
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Injection
5.5

MEDIUM

CVE-2026-21278

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this...

Affected Products : indesign
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potentia...

Affected Products : ddk
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
5.5

MEDIUM

CVE-2026-20819

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally....

Affected Products : windows_11_23h2 windows_11_24h2 windows_11_2h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.2

HIGH

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network....

Affected Products : sql_server_2022
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20957

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
4.6

MEDIUM

CVE-2026-20959

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
6.5

MEDIUM

CVE-2026-20812

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.4

HIGH

CVE-2026-20953

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Showing 20 of 4679 Results

Browse by Apps

Latest CVE Feed

6.2

7.0

7.8

7.1

6.5

6.5

7.8

5.5

7.8

7.8

7.2

7.2

5.5

7.8

5.5

7.2

7.8

4.6

6.5

8.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable