28 CVEs tracked today. 0 Critical, 2 High, 11 Medium, 15 Low.
-
CVE-2026-23644
HIGH
CVSS 7.5
Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers to write arbitrary files to the server through malicious tar archives, bypassing incomplete path sanitization. Public exploit code exists for this vulnerability. The issue stems from improper validation of absolute paths in tar file entries, enabling potential code execution or service disruption on affected systems.
Path Traversal
Github
Golang
Esm.Sh
Suse
-
CVE-2026-0863
HIGH
CVSS 8.5
Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. External execution mode deployments using Docker sidecars have reduced impact as code execution is confined to the container rather than the main node.
Python
Docker
AI / ML
N8n
-
CVE-2026-23733
MEDIUM
CVSS 6.4
Stored XSS in LobeChat's Mermaid artifact renderer prior to version 2.0.0-next.180 enables attackers to execute arbitrary JavaScript, which can be escalated to remote code execution through the exposed electronAPI IPC bridge to run system commands. This affects users of the open source chat platform running vulnerable versions, requiring local interaction and high privileges to exploit but resulting in full system compromise. No patch is currently available.
XSS
RCE
AI / ML
-
CVE-2026-23626
MEDIUM
CVSS 6.8
Kimai versions prior to 2.46.0 contain an overly permissive Twig sandbox configuration in the export functionality that allows authenticated users with export permissions to execute arbitrary method calls and extract sensitive data such as environment variables, password hashes, and session tokens. Public exploit code exists for this vulnerability. The issue is resolved in version 2.46.0 and later.
CSRF
Kimai
-
CVE-2026-23525
MEDIUM
CVSS 6.4
Stored XSS in 1Panel's App Store allows attackers to inject malicious scripts into application details that execute in users' browsers when viewed, potentially enabling session hijacking or unauthorized system access. Versions up to v1.10.33-lts and v2.0.16 are vulnerable, with no patch currently available. An attacker could publish a compromised application to steal credentials, modify system functions, or compromise system availability.
XSS
Authentication Bypass
1panel
-
CVE-2026-1125
MEDIUM
CVSS 5.5
Dir-823X Firmware versions up to 250126 contain a vulnerability that allows attackers to perform command injection (CVSS 7.3).
Command Injection
D-Link
-
CVE-2026-1124
MEDIUM
CVSS 5.5
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/work_report.jsp endpoint, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
SQLi
-
CVE-2026-1123
MEDIUM
CVSS 5.5
SQL injection in Yonyou KSOA 9.0's /worksheet/work_mod.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure. The attack requires no user interaction and could enable unauthorized data access or modification.
SQLi
-
CVE-2026-1122
MEDIUM
CVSS 5.5
Yonyou KSOA 9.0 contains a SQL injection vulnerability in the /worksheet/work_info.jsp endpoint via an unsanitized ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires no user interaction and can result in unauthorized data access, modification, or denial of service.
SQLi
-
CVE-2026-1121
MEDIUM
CVSS 5.5
SQL injection in Yonyou KSOA 9.0's /worksheet/del_workplan.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQLi
-
CVE-2026-1120
MEDIUM
CVSS 5.5
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/del_work.jsp endpoint, potentially enabling unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQLi
-
CVE-2026-1119
MEDIUM
CVSS 5.5
Society Management System versions up to 1.0 contain a vulnerability that allows attackers to perform SQL injection (CVSS 7.3).
PHP
SQLi
-
CVE-2026-1105
MEDIUM
CVSS 5.5
SQL injection in EasyCMS up to version 1.6 via the _order parameter in /UserAction.class.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
PHP
SQLi
-
CVE-2026-1126
LOW
CVSS 2.1
Unrestricted file upload in lwj flow's SVG File Handler (FormResource.java) allows authenticated remote attackers to upload arbitrary files due to insufficient input validation on the File parameter. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Affected installations using Java should restrict file upload functionality until an update is available.
Authentication Bypass
Java
File Upload
-
CVE-2026-1118
LOW
CVSS 2.1
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/add_activity.php, enabling remote data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
-
CVE-2026-1112
LOW
CVSS 2.1
PublicCMS versions up to 5.202506.d contain an authorization bypass in the Trade Address Deletion endpoint that allows authenticated attackers to manipulate request parameters and delete arbitrary trade addresses. The vulnerability is network-accessible, requires valid credentials, and has public exploit code available with no patch currently provided. An attacker with legitimate access could leverage this flaw to perform unauthorized data deletion affecting the trade functionality.
Java
Information Disclosure
-
CVE-2026-1111
LOW
CVSS 2.0
Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Java
Path Traversal
-
CVE-2026-1110
LOW
CVSS 1.9
Librtsp versions up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04 contain a buffer overflow in the rtsp_parse_method function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Buffer Overflow
-
CVE-2026-1109
LOW
CVSS 1.9
Buffer overflow in cijliu librtsp's rtsp_parse_request function allows local attackers with user privileges to achieve limited confidentiality and integrity impact. Public exploit code exists for this vulnerability, though no patch is currently available and rolling releases make version tracking difficult.
Buffer Overflow
-
CVE-2026-1108
LOW
CVSS 1.9
Buffer overflow in the rtsp_rely_dumps function of librtsp allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, though the vendor has not provided patches despite early notification. The affected library uses rolling releases, making it difficult to determine specific vulnerable versions.
Buffer Overflow
-
CVE-2026-1107
LOW
CVSS 2.1
Unrestricted file upload in EyouCMS versions up to 1.7.1/5.0 allows authenticated remote attackers to upload arbitrary files through manipulation of the viewfile parameter in the Member Avatar Handler component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An authenticated attacker could leverage this to upload malicious files and potentially achieve remote code execution.
PHP
Authentication Bypass
File Upload
-
CVE-2026-1106
LOW
CVSS 2.1
Improper authorization in Chamilo LMS up to 2.0.0 Beta 1 allows authenticated users to manipulate the userId parameter in the Legal Consent Handler's deleteLegal function, enabling unauthorized modification or deletion of legal consent records. Public exploit code exists for this vulnerability, and no patch is currently available. The vendor has not responded to disclosure attempts.
PHP
Information Disclosure
-
CVE-2025-15538
LOW
CVSS 1.9
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2025-15537
LOW
CVSS 1.9
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. [CVSS 5.3 MEDIUM]
Buffer Overflow
-
CVE-2025-15536
LOW
CVSS 1.9
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. [CVSS 5.3 MEDIUM]
Buffer Overflow
-
CVE-2025-15535
LOW
CVSS 1.9
A security flaw has been discovered in nicbarker clay: versions up to 0.14 are affected by improper resource shutdown or release (CVSS 3.3).
Denial Of Service
-
CVE-2025-15534
LOW
CVSS 1.9
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]
Buffer Overflow
-
CVE-2025-15533
LOW
CVSS 1.9
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. [CVSS 5.3 MEDIUM]
Buffer Overflow