THREAT ALERT

EMERGENCY CVE-2026-24423 9.8 SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise. | EMERGENCY CVE-2026-23760 9.8 SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications. | ACT NOW CVE-2026-20045 8.2 Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. | ACT NOW CVE-2026-24061 9.8 GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist. | EMERGENCY CVE-2026-20963 9.8 Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | ACT NOW CVE-2026-22200 7.5 Arbitrary file disclosure in osTicket 1.18.x before 1.18.3 and 1.17.x before 1.17.7 allows unauthenticated attackers to read sensitive server files by injecting malicious PHP filter expressions into ticket descriptions that are processed during PDF export. The vulnerability exploits insufficient sanitization in the mPDF library integration, enabling attackers to embed arbitrary file contents as images in generated PDFs when exporting tickets. Public exploit code exists and the issue affects default configurations where guest ticket creation is enabled. | EMERGENCY CVE-2026-21891 9.4 ZimaOS (fork of CasaOS) through 1.5.0 has an authentication bypass where passwords for system service accounts are not properly validated during login. Attackers can access the system using known service account names with any password. PoC available, EPSS 13.6%. | ACT NOW CVE-2025-66376 7.2 Zimbra Collaboration Suite (ZCS) 10.x contains a stored XSS vulnerability in the Classic UI that allows attackers to execute arbitrary JavaScript through CSS @import directives in HTML emails. KEV-listed, this vulnerability (CVE-2025-66376) enables session hijacking and account takeover when administrators or users view malicious emails, making it a high-value target for email-based espionage campaigns. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — January 25, 2026

31 CVEs tracked today. 0 Critical, 11 High, 17 Medium, 3 Low.

CVE-2026-23013 HIGH CVSS 7.0
The Linux kernel's Octeon EP VF driver contains a use-after-free vulnerability in IRQ error handling where mismatched device IDs between request_irq() and free_irq() calls can leave IRQ handlers registered after their associated memory is freed. A local attacker with standard privileges can trigger an interrupt after the vulnerable ioq_vector structure is deallocated, causing a kernel crash or potential code execution. No patch is currently available.

Linux Use After Free Denial Of Service Memory Corruption Redhat
CVE-2026-23012 HIGH CVSS 7.8
A use-after-free vulnerability in Linux kernel DAMON subsystem allows local users with sysfs write permissions to trigger memory corruption by calling damon_call() against inactive contexts, causing dangling pointers in the call_controls list. An attacker could leverage this to achieve information disclosure or denial of service, though exploitation complexity is moderate due to permission requirements. The vulnerability currently lacks a patch and affects Linux kernel versions with the vulnerable DAMON code.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel
CVE-2026-23010 HIGH CVSS 7.8
A use-after-free vulnerability in the Linux kernel's IPv6 address deletion function allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code or cause a denial of service. The flaw occurs when ipv6_del_addr() is called prematurely before temporary address flags are read, leaving a dangling pointer reference. No patch is currently available for this high-severity vulnerability affecting Linux systems.

Linux Use After Free Information Disclosure Memory Corruption Google
CVE-2026-23001 HIGH CVSS 7.8
A use-after-free vulnerability in the Linux kernel's macvlan driver allows local attackers with user privileges to cause memory corruption and potential privilege escalation through improper RCU synchronization in the macvlan_forward_source() function. The flaw stems from missing RCU protection when clearing vlan pointers during source entry deletion, enabling attackers to access freed memory structures. No patch is currently available for this HIGH severity vulnerability affecting Linux distributions.

Linux Google Use After Free Memory Corruption Information Disclosure
CVE-2026-22998 HIGH CVSS 7.5
The Linux kernel's NVMe-TCP implementation fails to validate pointer initialization in nvmet_tcp_build_pdu_iovec(), allowing remote attackers to trigger NULL pointer dereferences and cause denial of service by sending H2C_DATA PDUs before completing proper command initialization. An unauthenticated network attacker can exploit this vulnerability to crash the kernel without requiring user interaction or special privileges.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2025-71162 HIGH CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. [CVSS 7.8 HIGH]

Linux Use After Free Denial Of Service Race Condition Linux Kernel
CVE-2020-36937 HIGH CVSS 7.8
MEmusvc Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
CVE-2020-36936 HIGH CVSS 7.8
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path. [CVSS 7.8 HIGH]

Windows
CVE-2020-36935 HIGH CVSS 7.8
Service KMSELDI configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
CVE-2020-36934 HIGH CVSS 7.8
DeepNetworkService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Windows
CVE-2020-36933 HIGH CVSS 7.8
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 7.8 HIGH]

Code Injection
CVE-2026-23011 MEDIUM CVSS 5.5
The Linux kernel's ipgre_header() function lacks proper validation when handling dynamically resized network device headers, allowing local attackers with network privileges to trigger kernel panics through memory corruption. This vulnerability affects systems using team or bonding drivers that can modify device headroom parameters, enabling denial of service attacks without requiring user interaction.

Linux Denial Of Service Google Linux Kernel Redhat
CVE-2026-23009 MEDIUM CVSS 5.5
The Linux kernel xHCI sideband endpoint removal function can crash when dereferencing a freed or non-existent transfer ring during suspend/resume cycles or device re-enumeration. A local attacker with user-level privileges can trigger a denial of service by causing the kernel to dereference invalid memory, resulting in a system crash. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2026-23008 MEDIUM CVSS 5.5
The vmwgfx driver in the Linux kernel crashes due to a null pointer dereference when KMS with 3D graphics is used on hardware version 10, which lacks GB Surfaces support. A local attacker with user-level privileges can trigger this vulnerability to cause a denial of service by crashing the display driver, resulting in a black screen. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Redhat
CVE-2026-23007 MEDIUM CVSS 5.5
The Linux kernel's block layer fails to properly initialize non-protection information portions of auto-generated integrity buffers during write operations, allowing uninitialized memory containing sensitive data to be exposed to userspace or physical attackers with storage device access. This occurs when protection information is enabled with metadata sizes larger than the protection information tuple size, leaving the remainder uninitialized. Local attackers with appropriate permissions can read this uninitialized memory to leak kernel data.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-23006 MEDIUM CVSS 5.5
The Linux kernel's ASoC tlv320adcx140 audio driver contains a null pointer dereference in the adcx140_priv structure due to improper initialization of the snd_soc_component field, allowing local authenticated users to trigger a denial of service. An attacker with local access and user-level privileges can crash the audio subsystem by invoking the vulnerable code path. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2026-23005 MEDIUM CVSS 5.5
KVM on Linux with Intel processors fails to properly clear XSTATE_BV flags when XFD (eXtended Feature Disable) is set, causing kernel panic when XRSTOR attempts to restore disabled CPU features. A local attacker with guest OS access can trigger this denial of service by manipulating XSAVE state through KVM_SET_XSAVE or guest WRMSR operations. No patch is currently available for this medium-severity vulnerability.

Linux Authentication Bypass Intel Linux Kernel Redhat
CVE-2026-23004 MEDIUM CVSS 4.7
A race condition in Linux kernel routing code allows local authenticated attackers to cause a denial of service by triggering a kernel crash through unsynchronized list operations in rt6_uncached_list_del() and rt_del_uncached_list(). The vulnerability occurs when concurrent CPU operations on list data structures result in use-after-free conditions during list initialization. No patch is currently available for this medium-severity issue.

Linux Denial Of Service Google Race Condition Linux Kernel
CVE-2026-23003 MEDIUM CVSS 5.5
The Linux kernel's IPv6 tunnel implementation fails to properly handle VLAN-encapsulated packets in __ip6_tnl_rcv(), allowing a local attacker with user privileges to cause a denial of service through uninitialized memory access. The vulnerability stems from using an insufficient packet validation function that does not account for VLAN headers, triggering kernel crashes during ECN decapsulation. No patch is currently available for this medium-severity issue affecting Linux systems.

Linux Google Information Disclosure Linux Kernel Redhat
CVE-2026-23002 MEDIUM CVSS 5.5
A null pointer dereference in the Linux kernel's build ID library can cause a denial of service when reading files in sleepable contexts. Local users with standard privileges can trigger a kernel crash through the filemap_read_folio() code path. This vulnerability requires no user interaction and affects the availability of the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2026-23000 MEDIUM CVSS 5.5
The Linux kernel mlx5e driver crashes with a null pointer dereference when profile change operations fail and rollback is unsuccessful, leaving the network device in an invalid state. A local attacker with standard user privileges can trigger a denial of service by attempting subsequent profile changes, such as through switchdev mode modifications, which will access the dangling null pointer and crash the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2026-22999 MEDIUM CVSS 5.5
The Linux kernel's QFQ packet scheduler contains a use-after-free vulnerability in the qfq_change_class() function that incorrectly frees class and qdisc objects during error conditions, potentially causing a crash or memory corruption. A local attacker with unprivileged access can trigger this vulnerability to achieve a denial of service. A patch is available to resolve this issue.

Linux Linux Kernel Redhat Suse
CVE-2026-22997 MEDIUM CVSS 5.5
The Linux kernel's CAN J1939 protocol implementation fails to properly deactivate sessions when receiving duplicate request-to-send messages, causing reference count leaks that prevent network device cleanup. A local attacker with user-level privileges can trigger this condition to cause a denial of service by exhausting kernel resources and preventing proper device unregistration. A patch is available to resolve the session lifecycle management issue.

Linux Linux Kernel Redhat Suse
CVE-2026-22996 MEDIUM CVSS 5.5
A null pointer dereference in the Linux kernel's mlx5e driver allows local attackers with user privileges to cause a denial of service by triggering a kernel panic when eswitch mode configuration fails. The vulnerability occurs when mlx5e_priv structure is improperly dereferenced during profile attachment failures, particularly when switching to switchdev mode. A patch is available to resolve this issue by storing netdev directly instead of referencing the unstable mlx5e_priv structure.

Linux Null Pointer Dereference Linux Kernel Redhat Suse
CVE-2025-71163 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface. [CVSS 5.5 MEDIUM]

Linux Dns Linux Kernel Redhat Suse
CVE-2025-6461 MEDIUM CVSS 4.3
All-in-One Dynamic Content Framework versions up to 1.1.27 is affected by information exposure (CVSS 4.3).

WordPress PHP Information Disclosure
CVE-2020-36932 MEDIUM CVSS 6.1
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. [CVSS 6.1 MEDIUM]

XSS Seacms
CVE-2020-36931 MEDIUM CVSS 6.4
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests. [CVSS 6.4 MEDIUM]

XSS
CVE-2026-1408 LOW CVSS 2.0
777Vr1 Firmware versions up to 01.00.09 contains a vulnerability that allows attackers to weak password requirements (CVSS 2.0).

Information Disclosure
CVE-2026-1407 LOW CVSS 2.0
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. [CVSS 2.0 LOW]

Information Disclosure
CVE-2026-1406 LOW CVSS 3.5
A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. [CVSS 3.5 LOW]

Java Open Redirect

Today's Vulnerabilities Vulnerabilities