Common Vulnerabilities and Exposures (CVE)

CVE-2026-0603

Jan 24, 2026 04:55:24 UTC

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClaus...

CVE-2026-24124

Jan 24, 2026 04:55:23 UTC

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing co...

CVE-2026-21264

Jan 24, 2026 04:55:21 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-24306

Jan 24, 2026 04:55:20 UTC

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-67847

Jan 24, 2026 04:55:18 UTC

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core re...

CVE-2026-22271

Jan 24, 2026 04:55:17 UTC

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit t...

CVE-2024-37079

Jan 24, 2026 04:55:16 UTC

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potenti...

CVE-2026-24307

Jan 24, 2026 04:55:14 UTC

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2024-37080

Jan 24, 2026 04:55:13 UTC

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potenti...

CVE-2026-24305

Jan 24, 2026 04:55:13 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2025-13952

Jan 24, 2026 02:26:49 UTC

A web page that contains unusual GPU shader code, when loaded from the Internet into the GPU compiler process, triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system ...

CVE-2026-24422

Jan 24, 2026 02:02:30 UTC

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls ...

CVE-2026-24421

Jan 24, 2026 01:58:58 UTC

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthe...

CVE-2026-24420

Jan 24, 2026 01:57:28 UTC

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive permissions check. The presence of a right key is...

CVE-2026-24469

Jan 24, 2026 01:50:24 UTC

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, rem...