CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-0902 - Google Chrome V8 HTML Out-of-Bounds Memory Read Vulnerability

CVE ID : CVE-2026-0902
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0903 - Google Chrome Insecure File Type Bypass Vulnerability

CVE ID : CVE-2026-0903
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0904 - Google Chrome Domain Spoofing Vulnerability

CVE ID : CVE-2026-0904
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0905 - Google Chrome Network Policy Enforcement Information Disclosure Vulnerability

CVE ID : CVE-2026-0905
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0906 - Google Chrome Android Omnibox Spoofing Vulnerability

CVE ID : CVE-2026-0906
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-0907 - Google Chrome Spoofing Vulnerability

CVE ID : CVE-2026-0907
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-0908 - Google Chrome ANGLE Use-After-Free Heap Corruption Vulnerability

CVE ID : CVE-2026-0908
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-23909 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2026-23909
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23910 - Cisco WebEx Meeting Center Information Disclosure

CVE ID : CVE-2026-23910
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23911 - Adobe Flash Player Unserialize Buffer Overflow

CVE ID : CVE-2026-23911
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23912 - Citrix NetScaler Unvalidated Redirect

CVE ID : CVE-2026-23912
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23913 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2026-23913
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23914 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-23914
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23915 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-23915
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23916 - Citrix NetScaler Denial of Service

CVE ID : CVE-2026-23916
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23917 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2026-23917
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-66523 - Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters

CVE ID : CVE-2025-66523
Published : Jan. 20, 2026, 7:15 a.m. | 3 hours, 33 minutes ago
Description : URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
Severity: 6.1 | MEDIUM
CVE-2026-0895 - Insecure Deserialization in extension "Mailqueue" (mailqueue)

CVE ID : CVE-2026-0895
Published : Jan. 20, 2026, 8:16 a.m. | 2 hours, 33 minutes ago
Description : The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .
Severity: 5.2 | MEDIUM
CVE-2025-41768 - Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

CVE ID : CVE-2025-41768
Published : Jan. 20, 2026, 9:15 a.m. | 1 hour, 33 minutes ago
Description : On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
Severity: 5.5 | MEDIUM
CVE-2025-14533 - Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

CVE ID : CVE-2025-14533
Published : Jan. 20, 2026, 10:16 a.m. | 33 minutes ago
Description : The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
Severity: 9.8 | CRITICAL
CVE-2025-41084 - Stored Cross-Site Scripting (XSS) in Sesame web application

CVE ID : CVE-2025-41084
Published : Jan. 20, 2026, 10:16 a.m. | 33 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are then stored on the server and executed in the context of any user who accesses the compromised resource.
Severity: 5.1 | MEDIUM