NVD Dashboard

CVEs Received and Processed

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-20873 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20874 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20875 - Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-69222 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to con... read CVE-2025-69222
    Published: January 07, 2026; 5:15:43 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2026-20876 - Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2026-0643 - A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Rem... read CVE-2026-0643
    Published: January 07, 2026; 7:17:07 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-20877 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20918 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20919 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
    Published: January 13, 2026; 1:16:18 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-20920 - Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:18 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-20921 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
    Published: January 13, 2026; 1:16:18 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-22244 - OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the v... read CVE-2026-22244
    Published: January 08, 2026; 11:16:02 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-22043 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted se... read CVE-2026-22043
    Published: January 08, 2026; 10:15:45 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-22042 - RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permission... read CVE-2026-22042
    Published: January 08, 2026; 10:15:45 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-15263 - A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing manipulation of the argument Username can lead to sql injection. The attack can b... read CVE-2025-15263
    Published: December 30, 2025; 2:15:43 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-15262 - A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing manipulation of the argument image results in unrestricted upload. Re... read CVE-2025-15262
    Published: December 30, 2025; 1:15:46 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-20922 - Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
    Published: January 13, 2026; 1:16:18 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-12202 - A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack ca... read CVE-2025-12202
    Published: October 26, 2025; 10:15:46 PM -0400

  • CVE-2025-12201 - A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of... read CVE-2025-12201
    Published: October 26, 2025; 10:15:45 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2026-22245 - Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP address... read CVE-2026-22245
    Published: January 08, 2026; 11:16:02 AM -0500

    V3.1: 7.5 HIGH