Latest Security Vulnerabilities

Friday January 23, 2026

Microsoft Azure Resource Manager

CVE-2026-24304 Jan 2026: Azure Resource Manager Elevation of Privilege Vulnerability

Thursday January 22, 2026

Microsoft Azure Logic Apps

CVE-2026-21227 Jan 2026: Azure Logic Apps Elevation of Privilege Vulnerability

Microsoft Micrososft Account

CVE-2026-21264 Jan 2026: Microsoft Account Spoofing Vulnerability

Microsoft Copilot Studio

CVE-2026-21520 Jan 2026: Copilot Studio Information Disclosure Vulnerability

Microsoft 365 Word Copilot

CVE-2026-21521 Jan 2026: Word Copilot Information Disclosure Vulnerability

Microsoft Azure Data Explorer

CVE-2026-21524 Jan 2026: Azure Data Explorer Information Disclosure Vulnerability

Microsoft Entra Id

CVE-2026-24305 Jan 2026: Azure Entra ID Elevation of Privilege Vulnerability

Microsoft Azure Front Door

CVE-2026-24306 Jan 2026: Azure Front Door Elevation of Privilege Vulnerability

Microsoft 365 Copilot

CVE-2026-24307 Jan 2026: M365 Copilot Information Disclosure Vulnerability

Friday January 16, 2026

Microsoft Power Apps

CVE-2026-20960 Jan 2026: Microsoft Power Apps Remote Code Execution Vulnerability

Microsoft Edge Chromium

CVE-2026-21223 Jan 2026: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Tuesday January 13, 2026

Microsoft Sql Server 2022

CVE-2026-20803 Jan 2026: Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2026-20804 Jan 2026: Windows Hello Tampering Vulnerability
CVE-2026-20805 Jan 2026: Desktop Window Manager Information Disclosure Vulnerability
CVE-2026-20809 Jan 2026: Windows Kernel Memory Elevation of Privilege Vulnerability
CVE-2026-20810 Jan 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20812 Jan 2026: LDAP Tampering Vulnerability
CVE-2026-20814 Jan 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-20816 Jan 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-20821 Jan 2026: Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-20822 Jan 2026: Windows Graphics Component Elevation of Privilege Vulnerability
And others...

Microsoft Windows Server 2025

CVE-2026-20808 Jan 2026: Windows File Explorer Elevation of Privilege Vulnerability
CVE-2026-20815 Jan 2026: Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2026-20830 Jan 2026: Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2026-20835 Jan 2026: Capability Access Management Service (camsvc) Information Disclosure Vulnerability
CVE-2026-20851 Jan 2026: Capability Access Management Service (camsvc) Information Disclosure Vulnerability
CVE-2026-20854 Jan 2026: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerabi
CVE-2026-20859 Jan 2026: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2026-20870 Jan 2026: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2026-20876 Jan 2026: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
And others...

Microsoft Windows Server 2022

CVE-2026-20811 Jan 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-20817 Jan 2026: Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2026-20820 Jan 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-20838 Jan 2026: Windows Kernel Information Disclosure Vulnerability
CVE-2026-20842 Jan 2026: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-20863 Jan 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-20871 Jan 2026: Desktop Windows Manager Elevation of Privilege Vulnerability
CVE-2026-20920 Jan 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-20922 Jan 2026: Windows NTFS Remote Code Execution Vulnerability

Microsoft Windows Server 2019

CVE-2026-20818 Jan 2026: Windows Kernel Information Disclosure Vulnerability
CVE-2026-20833 Jan 2026: Windows Kerberos Information Disclosure Vulnerability
CVE-2026-0386 Jan 2026: Windows Deployment Services Remote Code Execution Vulnerability

Microsoft Windows 11 2h2

CVE-2026-20819 Jan 2026: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2026-20938 Jan 2026: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2026-20962 Jan 2026: Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Microsoft Windows 11 25h2

CVE-2026-20857 Jan 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-20935 Jan 2026: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Microsoft Sharepoint Server 2019

CVE-2026-20943 Jan 2026: Microsoft Office Click-To-Run Remote Code Execution Vulnerability

Microsoft 365 Apps

CVE-2026-20944 Jan 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20949 Jan 2026: Microsoft Excel Security Feature Bypass Vulnerability
CVE-2026-20956 Jan 2026: Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office 2019

CVE-2026-20946 Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20952 Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20953 Jan 2026: Microsoft Office Remote Code Execution Vulnerability

Microsoft Sharepoint Server 2016

CVE-2026-20947 Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20948 Jan 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20951 Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20958 Jan 2026: Microsoft SharePoint Information Disclosure Vulnerability
CVE-2026-20959 Jan 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20963 Jan 2026: Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft Office 2021

CVE-2026-20950 Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20955 Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20957 Jan 2026: Microsoft Excel Remote Code Execution Vulnerability

Microsoft Azure Portal Windows Admin Center

CVE-2026-20965 Jan 2026: Windows Admin Center Elevation of Privilege Vulnerability

Microsoft Windows Sdk

CVE-2026-21219 Jan 2026: Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Microsoft Azure Connected Machine Agent

CVE-2026-21224 Jan 2026: Azure Connected Machine Agent Elevation of Privilege Vulnerability

Microsoft Azure Core Shared Client Library Python

CVE-2026-21226 Jan 2026: Azure Core shared client library for Python Remote Code Execution Vulnerability

Wednesday January 7, 2026

Microsoft

CVE-2025-9611 Jan 2026: Microsoft Playwright MCP Server < 0.0.40 DNS Rebinding via Missing Origin Header Validatio

Microsoft Edge Browser

CVE-2025-62224 Jan 2026: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Sunday December 28, 2025

Unclassified

CVE-2025-15122 JeecgBoot <=3.9.0: Improper Auth via loadDatarule (Remote)
CVE-2025-15119 JeecgBoot <3.9.0 remote auth flaw via deptId (CVE-2025-15119)
CVE-2025-15120 JeecgBoot <=3.9.0: getDeptRoleList Auth Bypass
CVE-2025-15123 JeecgBoot <=3.9.0 Improper Auth via SysDepartPermission DataRule
CVE-2025-15125 Unauthorized Access via departId manipulation in JeecgBoot 3.9.0
CVE-2025-15126 JeecgBoot <3.9.0 Improper Auth via getPositionUserList (PositionId)
CVE-2025-15121 JeecgBoot <3.9.0 Info Disclosure via departId
CVE-2025-15131 ZSPACE Z4Pro+ 1.0.0440024 - HTTP POST Request Handler Command Injection
CVE-2025-15124 JeecgBoot <=3.9.0 Improper Auth via departId in getParameterMap Remote
And others...

Zkteco Biotime

CVE-2025-15128 ZKTeco BioTime <9.5.2: Unprotected Credentials via backup_encryption_password_decrypt

Trendnet

CVE-2025-15136 Command Injection in TRENDnet TEW-800MB 1.0.1.0 Management Interface

Dromara

CVE-2025-15117 Dromara Sa-Token <=1.44.0: Remote Deserialization via SaJdkSerializer

Macrozheng

CVE-2025-15118 Improper auth in MacroZheng Mall Member Endpoint before v1.0.3

Opencart

CVE-2025-15116 OpenCart SRCCHandler Race Condition CVE-2025-15116 (4.1.0.3)

Saturday December 27, 2025

PHP

CVE-2025-14180 PHP 8.x PDO PgSQL Emulate Prepares Null Deref Crash (CVE-2025-14180)
CVE-2025-14177 PHP 8.x getimagesize() Info Disclosure in APPn Segments (before 8.4.16)
CVE-2025-14178 Heap Buffer Overflow IN PHP array_merge (8.18.5) pre 8.5.1

Gnupg

CVE-2025-68972 GnuPG 2.4.8+ signature bypass via '\f' line terminator

Unclassified

Friday December 26, 2025

IBM Aspera Faspex 5

CVE-2025-36229 IBM Aspera Faspex 5 Authenticated Package ID Enumeration (v5.0.0-5.0.14.1)
CVE-2025-36228 IBM Aspera Faspex 5 5.0.05.0.14.1 UI/API Permission Leak

IBM Ds8900f Firmware

CVE-2025-36192 IBM DS8000 R10.x Local CCW Update Perm Allows Backup Deletion (CVE-2025-36192)

IBM Concert

CVE-2025-1721 IBM Concert 1.0.0-2.1.0 Remote Heap Memory Disclosure via Improper Clearing
CVE-2025-12771 IBM Concert 1.0.0-2.1.0 Stack-Based Buffer Overflow (buf overrun)
CVE-2025-64645 IBM Concert 2.1.0 Local Priv Esc via Symlink Race

IBM Api Connect

CVE-2025-13915 IBM API Connect 10.0.8.010.0.8.5/10.0.11.0: Auth Bypass Remote

Gitea

CVE-2025-68940 Gitea 1.22.5: Branch Deletion Permissions Not Properly Enforced
CVE-2025-68939 Gitea <1.23.0: Attachment API Bypasses Forbidden Extension Check
CVE-2025-68941 Gitea <1.22.3: Limited-API-token can read private resources
CVE-2025-68942 Gitea <1.22.2 XSS: search box uses v-html (v-text missing)
CVE-2025-68943 Gitea <=1.21.7: Login Time Disclosure via explore/users Order
CVE-2025-68945 Gitea <1.21.2: Anonymous View of Private Projects
CVE-2025-68944 Token Scope Propagation Flaw in Gitea <1.22.2 (Package Registry Access Control)
CVE-2025-68946 Gitea <1.20.1 XSS via forbidden URL Scheme
CVE-2025-68938 Gitea <1.25.2 Release deletion auth bypass