Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2026-20946

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.5

MEDIUM

CVE-2026-20932

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
4.3

MEDIUM

CVE-2026-20936

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.2

HIGH

CVE-2026-22814

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignm...

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authorization
7.8

HIGH

CVE-2026-20941

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.0

HIGH

CVE-2026-20943

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office sharepoint_server sharepoint_server_2016 office_2016 sharepoint_server_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
10.0

CRITICAL

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a ...

Affected Products : cosmos
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Injection
7.8

HIGH

CVE-2026-20877

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.8

HIGH

CVE-2026-20947

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.2

HIGH

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Cryptography
7.2

HIGH

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network....

Affected Products : sql_server_2022
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.1

HIGH

CVE-2026-22868

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8....

Affected Products : go_ethereum
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Denial of Service
7.5

HIGH

CVE-2026-20921

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
5.7

MEDIUM

CVE-2025-68947

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver....

Affected Products :
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authorization
8.0

HIGH

CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
8.7

HIGH

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction d...

Affected Products : guarddog
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Path Traversal
10.0

CRITICAL

CVE-2026-23478

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via sessio...

Affected Products : cal.com
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Authentication
8.8

HIGH

CVE-2026-22861

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe()...

Affected Products : iccdev
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Vuln Type: Memory Corruption
7.0

HIGH

CVE-2026-21221

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026
7.8

HIGH

CVE-2026-20920

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022 windows_11_23h2 windows_server_23h2
Published: Jan. 13, 2026

Modified: Jan. 14, 2026

Showing 20 of 4408 Results

Browse by Apps

Latest CVE Feed

7.8

5.5

4.3

8.2

7.8

7.0

10.0

7.8

8.8

8.2

7.2

7.1

7.5

5.7

8.0

8.7

10.0

8.8

7.0

7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable