|
14 Jan 2026 | VULN035 | MISP : Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context | Systems running MISP versions prior to 2.5.31.
|
|
14 Jan 2026 | VULN034 | Spring : CVE-2026-22718 Command injection on user machine using VSCode extension for Spring CLI | Systems running Spring CLI VSCode Extension.
|
|
14 Jan 2026 | VULN033 | Fortinet : Heap-based buffer overflow in cw_acd daemon | Systems running FortiOS versions prior to 7.6.4, 7.4.9, 7.2.12, 7.0.18, 6.4.17, FortiSASE versions prior to 25.2.c, FortiSwitchManager versions prior to 7.2.7, 7.0.6.
|
|
14 Jan 2026 | VULN032 | Fortinet : Unauthenticated remote command injection in FortiSIEM | Systems running FortiSIEM versions prior to 7.4.1, 7.3.5, 7.2.7, 7.1.9.
|
|
14 Jan 2026 | VULN031 | Fortinet : Unauthenticated access to local configuration | Systems running FortiFone versions prior to 7.0.2, 3.0.24.
|
|
14 Jan 2026 | VULN030 | TYPO3 : Broken Access Control and Insecure Deserialization Vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2.
|
|
14 Jan 2026 | VULN029 | AdonisJS : Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM | Systems running @adonisjs/lucid versions prior to 21.8.2, 22.0.0-next.6.
|
|
14 Jan 2026 | VULN028 | opencode : Malicious website can execute commands on the local system through XSS in the OpenCode web UI | Systems running opencode versions prior to 1.1.10.
|
|
14 Jan 2026 | VULN027 | Apache : Apache Camel security advisory CVE-2025-66169 | Systems running Apache Camel versions prior to 4.10.8, 4.14.3, 4.17.0.
|
|
14 Jan 2026 | VULN026 | Node.js : Tuesday, January 13, 2026 Security Releases | Systems running Node.js versions prior to 20.20.0, 22.22.0, 24.13.0, 25.3.0.
|
|
13 Jan 2026 | VULN025 | VMware : Vulnerabilities fixed in VMware Tanzu GemFire 10.1.6 and 10.2.1 | Systems running VMware Tanzu Data Intelligence, VMware Tanzu Data Services Pack, VMware Tanzu Data Suite, VMware Tanzu Gemfire.
|
|
13 Jan 2026 | VULN024 | SAP : SAP Security Patch Day - January 2026 | Systems running SAP products.
|
|
13 Jan 2026 | VULN023 | react-router : Multiple vulnerabilities fixed in react-router ecosystem | Systems running @react-router/node (npm) versions prior to 7.9.4, react-router (npm) versions prior to 7.12.0, @remix-run/react (npm) versions prior to 2.17.1, @remix-run/router (npm) versions prior to 1.23.2, @remix-run/deno (npm), @remix-run/node (npm), @remix-run/server-runtime (npm) versions prior to 2.17.3.
|
|
13 Jan 2026 | VULN022 | Libpng : Heap buffer over-read vulnerabilities fixed in libpng | Systems running Libpng versions prior to 1.6.54.
|
|
12 Jan 2026 | VULN021 | Angular : XSS Vulnerability via Unsanitized SVG Script Attributes | Systems running @angular/compiler (npm), @angular/core (npm) versions prior to 21.1.0-rc.0, 21.0.7, 20.3.16, 19.2.18.
|
|
12 Jan 2026 | VULN020 | Apache : CVE-2025-68493 Apache Struts XXE vulnerability in outdated XWork component | Systems running Apache Struts versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
12 Jan 2026 | VULN019 | Centreon : Centreon Open Tickets - Vulnerabilities, one High Severity | Systems running Centreon Open Tickets versions prior to 25.10.0, 24.10.5, 24.04.5, 23.10.4.
|
|
12 Jan 2026 | VULN018 | Joomla! : Core - XSS vectors in Joomla! CMS | Systems running Joomla! CMS versions prior to 5.4.2, 6.0.2.
|
|
9 Jan 2026 | VULN016 | Apache : Multiple Vulnerabilities fixed in Apache NimBLE 1.9.0 | Systems running Apache NimBLE versions prior to 1.9.0.
|
|
9 Jan 2026 | VULN017 | Centreon : Centreon AWIE - Critical Severity Vulnerabilities | Systems running Centreon AWIE versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
9 Jan 2026 | VULN015 | Tenable : Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability | Systems running Nessus Agent versions prior to 11.0.3, 10.9.3.
|
|
9 Jan 2026 | VULN014 | Trend Micro : Trend Micro Apex Central (on-premise) January 2026 Multiple Vulnerabilities | Systems running Apex Central (on-premise) versions prior to Critical Patch Build 7190.
|
|
9 Jan 2026 | VULN013 | Cisco : Cisco Security Advisories Published on January 07, 2026 | Systems running Cisco Products running Snort, Cisco Identity Services Engine.
|
|
9 Jan 2026 | VULN012 | RustFS : Multiple Vulnerabilities Resolved in RustFS, one Critical | Systems running RustFS versions prior to alpha.79.
|
|
8 Jan 2026 | VULN011 | Veeam : Vulnerabilities Resolved in Veeam Backup & Replication, one Critical | Systems running Veeam Backup & Replication versions prior to 13.0.1.1071.
|
|
8 Jan 2026 | VULN010 | Vega : Vega Cross-Site Scripting (XSS) vulnerabilities | Systems running vega-selections (npm) versions prior to 6.1.2, 5.6.3, vega-functions (npm) versions prior to 6.1.1.
|
|
8 Jan 2026 | VULN009 | Google : Chrome 143.0.7499.192/.193 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 143.0.7499.192/.193.
|
|
8 Jan 2026 | VULN008 | GitLab : GitLab Patch Release 18.7.1, 18.6.3, 18.5.5 | Systems running GitLab versions prior to 18.7.1, 18.6.3, 18.5.5.
|
|
7 Jan 2026 | VULN007 | OpenCTI : GraphQL IDOR allows authenticated user to delete workspace content of other users | Systems running OpenCTI versions prior to 6.8.1.
|
|
7 Jan 2026 | VULN006 | Apache : CVE-2025-68280 Apache SIS XML External Entity (XXE) vulnerability | Systems running Apache SIS versions prior to 1.6.
|
|
7 Jan 2026 | VULN005 | AIOHTTP : Multiple Security Vulnerabilities fixed in AIOHTTP | Systems running AIOHTTP versions prior to 3.13.3.
|
|
7 Jan 2026 | VULN004 | curl : Multiple vulnerabilities fixed in curl 8.18.0 | Systems running curl versions prior to 8.18.0.
|
|
7 Jan 2026 | VULN003 | GNU Wget : Critical file overwrite issue with metalink in GNU Wget2 CVE-2025-69194 | Systems running GNU Wget2 versions prior to 2.2.1.
|
|
7 Jan 2026 | VULN002 | Langflow : Missing Authentication on Critical API Endpoints | Systems running Langflow versions prior to 1.7.1.
|
|
7 Jan 2026 | VULN001 | n8n : Critical RCE via Arbitrary File Write | Systems running n8n versions prior to 1.121.3.
|