Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP...

Affected Products : imageclass_x_mf1238_ii_firmware imageclass_x_mf1643i_ii_firmware imageclass_x_mf1643if_ii_firmware imageclass_x_lbp1238_ii_firmware imagerunner_1643if_ii_firmware imagerunner_1643i_ii_firmware
Published: Jan. 16, 2026

Modified: Jan. 16, 2026

Vuln Type: Memory Corruption
6.5

MEDIUM

CVE-2026-1000

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes...

Affected Products : mailerlite
Published: Jan. 16, 2026

Modified: Jan. 16, 2026

Vuln Type: Authorization
4.8

MEDIUM

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due...

Affected Products : identity_services_engine
Published: Jan. 15, 2026

Modified: Jan. 16, 2026

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2026-21910

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to...

Affected Products : junos
Published: Jan. 15, 2026

Modified: Jan. 16, 2026

Vuln Type: Denial of Service
9.8

CRITICAL

CVE-2025-14236

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series...

Affected Products : imageclass_x_mf1238_ii_firmware imageclass_x_mf1643i_ii_firmware imageclass_x_mf1643if_ii_firmware imageclass_x_lbp1238_ii_firmware imagerunner_1643if_ii_firmware imagerunner_1643i_ii_firmware
Published: Jan. 16, 2026

Modified: Jan. 16, 2026

Vuln Type: Memory Corruption
9.8

CRITICAL

CVE-2025-14233

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670...

Affected Products : imageclass_x_mf1238_ii_firmware imageclass_x_mf1643i_ii_firmware imageclass_x_mf1643if_ii_firmware imageclass_x_lbp1238_ii_firmware imagerunner_1643if_ii_firmware imagerunner_1643i_ii_firmware
Published: Jan. 16, 2026

Modified: Jan. 16, 2026

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2026-20940

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
5.5

MEDIUM

CVE-2026-20939

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
7.8

HIGH

CVE-2026-20938

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_2h2
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
5.5

MEDIUM

CVE-2026-20937

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
4.3

MEDIUM

CVE-2026-20936

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
6.2

MEDIUM

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally....

Affected Products : windows_11_23h2 windows_11_24h2 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
7.5

HIGH

CVE-2026-20934

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
8.8

HIGH

CVE-2025-68707

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is ...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 16, 2026

Vuln Type: Authentication
5.5

MEDIUM

CVE-2026-20932

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
8.0

HIGH

CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
7.5

HIGH

CVE-2026-20929

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +5 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
5.3

MEDIUM

CVE-2026-20927

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
7.5

HIGH

CVE-2026-20926

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026
6.5

MEDIUM

CVE-2026-20925

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Jan. 13, 2026

Modified: Jan. 16, 2026

Showing 20 of 4388 Results

Browse by Apps

Latest CVE Feed

9.8

6.5

4.8

7.1

9.8

9.8

7.8

5.5

7.8

5.5

4.3

6.2

7.5

8.8

5.5

8.0

7.5

5.3

7.5

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable