NVD Dashboard

CVEs Received and Processed

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

CVSS V2 Score Distribution

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-20853 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:13 PM -0500

    V3.1: 7.4 HIGH

  • CVE-2026-20854 - Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
    Published: January 13, 2026; 1:16:14 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-20823 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
    Published: January 13, 2026; 1:16:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20824 - Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
    Published: January 13, 2026; 1:16:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20825 - Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
    Published: January 13, 2026; 1:16:09 PM -0500

    V3.1: 4.4 MEDIUM

  • CVE-2026-20826 - Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:10 PM -0500

    V3.1: 7.0 HIGH

  • CVE-2026-20827 - Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.
    Published: January 13, 2026; 1:16:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20828 - Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
    Published: January 13, 2026; 1:16:10 PM -0500

    V3.1: 4.6 MEDIUM

  • CVE-2026-20829 - Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
    Published: January 13, 2026; 1:16:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-20830 - Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
    Published: January 13, 2026; 1:16:10 PM -0500

    V3.1: 7.0 HIGH

  • CVE-2025-48371 - OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ...
    Published: May 22, 2025; 7:15:19 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-66877 - Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.
    Published: December 29, 2025; 1:15:43 PM -0500

  • CVE-2025-66869 - Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
    Published: December 29, 2025; 12:15:46 PM -0500

  • CVE-2025-60935 - An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or to...
    Published: December 24, 2025; 10:16:01 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-68706 - A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack...
    Published: December 29, 2025; 2:15:57 PM -0500

  • CVE-2025-8679 - In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthe...
    Published: October 01, 2025; 2:15:46 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-67255 - In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
    Published: December 29, 2025; 2:15:56 PM -0500

  • CVE-2025-67254 - NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
    Published: December 29, 2025; 2:15:56 PM -0500

  • CVE-2025-11192 - A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSen...
    Published: October 07, 2025; 3:15:33 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2026-0547 - A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo...
    Published: January 02, 2026; 5:15:41 AM -0500

    V3.1: 8.8 HIGH