Latest CVE Feed
-
9.1
CRITICALCVE-2025-69990
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.... Read more
Affected Products : news_portal- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-69991
phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.... Read more
Affected Products : news_portal- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-69992
phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.... Read more
Affected Products : news_portal- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
7.0
HIGHCVE-2026-21221
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.5
HIGHCVE-2026-20965
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_admin_center- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.8
HIGHCVE-2026-20949
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.8
HIGHCVE-2026-20948
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 sharepoint_server_2019 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
8.8
HIGHCVE-2026-20947
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.8
HIGHCVE-2026-20946
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
8.4
HIGHCVE-2026-20944
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.0
HIGHCVE-2026-20943
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server sharepoint_server_2016 office_2016 sharepoint_server_2019 office_deployment_tool- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.8
HIGHCVE-2026-20941
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
5.7
MEDIUMCVE-2025-13454
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2025-13154
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.... Read more
Affected Products : vantage- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2026-0421
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems whe... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Misconfiguration
-
3.2
LOWCVE-2025-14058
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" op... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.... Read more
Affected Products : nexus_repository_manager- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-12166
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient es... Read more
Affected Products : simply_schedule_appointments- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Injection
-
3.7
LOWCVE-2026-0989
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas ca... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service