Vulnerability: A local information disclosure vulnerability in Microsoft's Desktop Windows Manager that allows an authorized attacker to expose sensitive system information. The flaw impacts Windows systems and requires local authentication to exploit.

Trending: The vulnerability is actively discussed due to being part of Microsoft's January 2026 Patch Tuesday release, which addressed 112 security flaws. It has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog and is currently being exploited in real-world attack scenarios.

Vulnerability: Windows Secure Boot certificates are approaching expiration, which can potentially disrupt the Secure Boot trust chain and compromise system security. The vulnerability affects Windows systems with specific Microsoft UEFI and CA certificates that are set to expire in 2026.

Trending: Multiple security sources and news outlets are reporting this vulnerability as part of Microsoft's January 2026 Patch Tuesday, highlighting an actively exploited Secure Boot bypass that requires immediate attention. The patch addresses 114 vulnerabilities, with this CVE being a significant focus due to its potential impact on system security and boot processes.

Vulnerability: CVE-2023-31096 is a local privilege escalation vulnerability in the Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through version 2.2.100.1. The vulnerability allows an attacker to elevate privileges from a medium-integrity process to SYSTEM via a stack overflow in RTLCopyMemory.

Trending: The vulnerability is being mentioned alongside Microsoft's January 2026 Patch Tuesday updates, which addressed over 100 security flaws. While not the primary focus, it has been noted in various security feeds and social media discussions about potential kernel-level exploits and privilege escalation risks.

Vulnerability: A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally, potentially compromising system security and user data across multiple Microsoft Office versions.

Trending: Microsoft's January 2026 Patch Tuesday addresses this vulnerability among 112 other security issues, with eight critical vulnerabilities and one confirmed actively exploited zero-day. The patch highlights the ongoing cybersecurity challenges in enterprise environments and the need for timely software updates.

Vulnerability: A critical OS command injection vulnerability in Fortinet FortiSIEM affects multiple versions from 6.7.0 through 7.4.0. The flaw allows unauthorized attackers to execute arbitrary commands and code via crafted TCP requests.

Trending: The vulnerability is generating significant cybersecurity attention due to its critical CVSS score of 9.4 and potential for remote root access. Multiple cybersecurity news sources are highlighting the risk and urging immediate patching of affected Fortinet FortiSIEM systems.

Vulnerability: An Incorrect Privilege Assignment vulnerability exists in Modular DS that allows Privilege Escalation, affecting Modular DS versions from n/a through 2.5.1.

Trending: The vulnerability is currently being discussed across cybersecurity platforms like Mastodon and Bluesky, with multiple infosec accounts highlighting its critical nature and potential security implications for WordPress Modular DS plugin users.

Vulnerability: The Shipping Rate By Cities plugin for WordPress contains a SQL Injection vulnerability via the 'city' parameter in versions up to 2.0.0. Unauthenticated attackers can exploit this vulnerability to extract sensitive information from the database by appending additional SQL queries.

Trending: The vulnerability is currently trending in cybersecurity circles with a reported severity rating of 7.5. Infosec communities on platforms like Bluesky and Mastodon are actively discussing the potential impact and sharing details about the CVE.

Vulnerability: A use-after-free vulnerability in Microsoft Office enables unauthorized attackers to execute arbitrary code locally, potentially compromising system integrity and user data.

Trending: The vulnerability is part of Microsoft's January 2026 Patch Tuesday release, which addressed 114 total vulnerabilities, including 8 critical severity issues. Social media mentions indicate increased attention due to the potential for active exploitation and the vulnerability's critical nature.

Vulnerability: An out-of-bounds read vulnerability in Microsoft Office Word allows an unauthorized attacker to execute code locally, potentially compromising system integrity and user data through maliciously crafted documents.

Trending: Microsoft's January 2026 Patch Tuesday addressed 114 total vulnerabilities, with this CVE being part of a significant security update that included one actively exploited vulnerability and eight critical vulnerabilities across Microsoft's product ecosystem.

Vulnerability: Google Chrome WebView tag contained a security flaw that allowed attackers to potentially inject scripts or HTML into privileged pages by convincing a user to install a malicious extension. The vulnerability affected Chrome versions prior to 143.0.7499.192 and was classified as a high-severity issue.

Trending: The vulnerability was mentioned in several cybersecurity news outlets during the January 2026 Patch Tuesday, which involved Microsoft addressing 114 Windows flaws. While specific details about active exploits were limited, the CVE was part of a broader discussion about ongoing cybersecurity challenges and patch management.

Vulnerability: A heap-based buffer overflow vulnerability in multiple Fortinet products including FortiOS, FortiSASE, and FortiSwitchManager across various versions. The vulnerability allows unauthenticated remote attackers to execute arbitrary code or commands via specially crafted network packets.

Trending: The vulnerability is garnering significant attention due to its potential for remote code execution and the widespread use of Fortinet products in enterprise networks. Cybersecurity experts are emphasizing the critical nature of the vulnerability and urging immediate patching by IT managers.

Vulnerability: A SQL injection vulnerability in Fortinet FortiClientEMS versions 7.4.3-7.4.4, 7.4.0-7.4.1, 7.2.0-7.2.10, and 7.0 allows authenticated attackers with read-only admin permissions to execute unauthorized SQL code or commands through crafted HTTP/HTTPS requests.

Trending: Fortinet security vulnerabilities are currently attracting significant attention due to the potential for cybercriminal exploitation. Bluesky and other security channels are highlighting the Remote Code Execution (RCE) risk associated with this vulnerability, emphasizing the need for prompt software updates.

Vulnerability: A Server-Side Request Forgery (SSRF) vulnerability in Fortinet FortiSandbox versions 5.0.0 through 5.0.4, and all versions of FortiSandbox 4.4, 4.2, and 4.0. The vulnerability allows an authenticated attacker to proxy internal plaintext endpoint requests via crafted HTTP requests.

Trending: Security researchers and news outlets are highlighting the potential risks of this Fortinet vulnerability, emphasizing that such SSRF vulnerabilities in enterprise security products can be attractive targets for cybercriminals seeking to exploit internal network traffic.

Vulnerability: CVE-2026-22686 is a critical sandbox escape vulnerability in enclave-vm, a secure JavaScript sandbox for AI agent code execution. The vulnerability allows untrusted JavaScript code to execute arbitrary code in the host Node.js runtime by exploiting prototype chain traversal during error handling.

Trending: The vulnerability is generating significant cybersecurity buzz due to its critical CVSS score of 10.0, which indicates potential for full host compromise. Social media channels are highlighting the severe implications of this sandbox escape that breaks Enclave's core security isolation mechanism.

Vulnerability: Kubernetes API server in all versions contains a vulnerability where an attacker with the ability to create a ClusterIP service or patch the status of a LoadBalancer service can intercept traffic by manipulating external IP addresses and ingress IP settings.

Trending: The vulnerability is gaining attention as part of the "unpatchable 4" set of Kubernetes CVEs, which require mitigation through configuration and architectural changes rather than direct patching. Security researchers and cloud security professionals are discussing its potential implications for Kubernetes deployments.

Vulnerability: A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to potentially execute arbitrary code on affected Windows systems, particularly impacting Windows 10 Version 1809.

Trending: Microsoft's January 2026 Patch Tuesday announcement highlighted this vulnerability as part of eight critical vulnerabilities and an actively exploited zero-day issue. Security researchers and CSOs are noting its potential impact on enterprise environments and recommending timely patch management.

Vulnerability: A collection of memory safety bugs were identified in Firefox and Thunderbird, with potential for memory corruption and arbitrary code execution. The vulnerability affects Firefox versions before 147 and Firefox ESR versions before 140.7.

Trending: This CVE is part of the January 2026 Microsoft Patch Tuesday announcements, which includes multiple critical vulnerabilities and at least one actively exploited zero-day. The vulnerability is being discussed alongside other high-profile security updates for Microsoft products and software.

Vulnerability: A memory safety vulnerability affecting Firefox and Thunderbird version 146, with potential for memory corruption that could be exploited to run arbitrary code. The vulnerability is present in versions prior to Firefox 147.

Trending: The vulnerability is part of Microsoft's January 2026 Patch Tuesday, which includes eight critical vulnerabilities and multiple security updates across Windows operating systems and software products. The broader context involves discussions about patching and potential active exploits in enterprise environments.

Vulnerability: A heap-based buffer overflow vulnerability in Windows Virtualization-Based Security (VBS) Enclave that allows an authorized local attacker to elevate privileges. The vulnerability affects Windows systems with VBS enabled.

Trending: The vulnerability is part of Microsoft's January 2026 Patch Tuesday, which addressed 114 total Windows flaws, including one actively exploited vulnerability. The update includes eight critical vulnerabilities and has drawn significant attention from cybersecurity news outlets and researchers.

Vulnerability: CVE-2025-8110 is a vulnerability in the PutContents API of Gogs, a Git service server, that allows local code execution through improper symbolic link handling. The vulnerability affects self-hosted Gogs servers.

Trending: The vulnerability is gaining attention due to confirmed exploit code and active exploitation since July of the previous year. CISA has added it to their Known Exploited Vulnerabilities Catalog, indicating significant security risk and potential widespread impact.

Vulnerability: The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to 1.3.0. The vulnerability allows unauthenticated attackers to delete or download arbitrary files on the server by manipulating file paths via the wsaw-log[] POST parameter.

Trending: The vulnerability has gained significant attention in the cybersecurity community due to its critical severity rating of 9.8 and potential for serious system compromise. Multiple infosec platforms are highlighting the risk of attackers being able to delete critical files like wp-config.php or access sensitive configuration files.

Vulnerability: The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 1.1. Unauthenticated attackers can exploit the template parameter to include and execute arbitrary .php files, potentially bypassing access controls and achieving code execution.

Trending: The vulnerability is gaining significant attention in cybersecurity circles due to its critical severity rating of 9.8 and the potential for widespread impact on WordPress sites using the News and Blog Designer Bundle plugin. Infosec communities are actively discussing the implications of this local file inclusion vulnerability.

Vulnerability: An untrusted pointer dereference vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally, potentially compromising system integrity and user data.

Trending: Microsoft's January 2026 Patch Tuesday addressed 112 vulnerabilities, including this CVE among several other security defects. The update highlighted one actively exploited zero-day vulnerability, drawing attention to ongoing cybersecurity challenges in enterprise environments.

Vulnerability: A sensitive information exposure vulnerability in Fortinet FortiFone versions 7.0.0 through 7.0.1 and 3.0.13 through 3.0.23 allows unauthenticated attackers to obtain device configuration via crafted HTTP or HTTPS requests.

Trending: Fortinet is distributing urgent software updates to close critical security vulnerabilities across multiple products, with IT managers advised to install patches quickly due to frequent targeting by cybercriminals.

Vulnerability: A path traversal vulnerability in Fortinet FortiVoice versions 7.2.0-7.2.2 and 7.0.0-7.0.7 allows privileged attackers to delete files from the underlying filesystem through crafted HTTP or HTTPS requests.

Trending: Fortinet is actively distributing software updates to address multiple security vulnerabilities across its product line, with cybercriminals frequently targeting Fortinet products. IT managers are being advised to quickly install patches to mitigate potential risks.

Vulnerability: A vulnerability exists in the Motorola SM56 Modem WDM Driver (SmSerl64.sys) version 6.12.23.0 that allows low-privileged users to map physical memory through specially crafted IOCTL requests. The vulnerability can be exploited for privilege escalation, high-privilege code execution, and information disclosure.

Trending: Microsoft Patch Tuesday security updates for January 2026 addressed 112 security flaws across multiple Microsoft products, including this vulnerability. Early indications suggest active exploitation attempts, prompting urgent attention from cybersecurity professionals and system administrators.

Vulnerability: The CVE-2025-55130 is a critical vulnerability in Node.js involving async_hooks that can potentially cause server crashes through a stack overflow mechanism. The vulnerability affects multiple versions of the Node.js runtime environment.

Trending: Security researchers and developers are actively discussing this vulnerability due to its potential for causing significant server disruptions. The Node.js development team has already released updated versions addressing the security flaw, prompting urgent calls for system administrators to update their Node.js installations.

Vulnerability: CVE-2025-59465 is a critical vulnerability in Node.js related to async_hooks that can potentially cause server crashes via a stack overflow mechanism. The vulnerability affects multiple versions of the popular JavaScript runtime environment.

Trending: Security researchers and developers are actively discussing the vulnerability due to its potential for causing significant server disruptions. The Node.js development team has released updates to address the issue, prompting urgent recommendations for version upgrades across affected systems.

Vulnerability: A critical vulnerability in Node.js involves a potential stack overflow in async_hooks, which can cause server crashes and potentially expose systems running Node.js applications to denial of service risks.

Trending: The vulnerability is gaining significant attention in cybersecurity circles due to its critical rating and potential widespread impact on Node.js-based server infrastructure, with security experts and developers actively discussing mitigation strategies.

Vulnerability: A critical security vulnerability in the ServiceNow AI Platform allows an unauthenticated user to impersonate another user and perform operations with the impersonated user's entitlements. This vulnerability affects ServiceNow's AI Platform and potentially exposes organizations to unauthorized access and potential data breaches.

Trending: The vulnerability, known as BodySnatcher (CVE-2025-12420), is gaining significant attention in cybersecurity circles due to its potential for agentic AI security exploitation. Cybersecurity researchers and news outlets are highlighting the critical nature of the vulnerability and its implications for user authentication and system security.

Vulnerability: A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 wireless routers allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. The issue specifically affects Archer BE400 firmware version 1.1.0 Build 20250710 rel.14914.

Trending: The vulnerability is gaining attention due to its potential to disrupt wireless networks by sending a single malformed WiFi frame, which can force router reboots. Research by the Cybersecurity Research Center (CyRC) has highlighted the flaw's impact on Broadcom chipset-based routers from manufacturers like TP-Link and ASUS.

Vulnerability: A critical Improper Input Validation vulnerability exists in Dreamweaver Desktop versions 21.6 and earlier, potentially allowing arbitrary code execution when a user opens a malicious file.

Trending: Security researchers and cybersecurity communities are discussing the vulnerability due to its high severity rating of 8.6 and potential for remote code execution, which poses significant risks to Dreamweaver Desktop users.

Vulnerability: The VSCode extension for Spring CLI is vulnerable to command injection, which can result in unauthorized command execution on the user's machine. This vulnerability affects the Spring CLI extension for Visual Studio Code.

Trending: The CVE has recently gained attention due to its potential for remote code execution and the widespread use of the Spring CLI extension among developers. Social media channels are highlighting the urgency of the vulnerability and its potential impact on software development environments.

Vulnerability: A heap-based buffer overflow in the Windows Common Log File System Driver enables local privilege escalation for authorized attackers, potentially allowing an attacker to gain elevated system access on Windows systems.

Trending: Microsoft's January 2026 Patch Tuesday highlighted this vulnerability as part of a significant security update addressing 115 total vulnerabilities, including eight critical issues and three zero-day vulnerabilities, with active exploitation of at least one vulnerability drawing particular attention from cybersecurity professionals.

Vulnerability: A use-after-free vulnerability in Desktop Windows Manager that enables local privilege escalation, allowing an authorized attacker to potentially gain elevated system access.

Trending: Microsoft's January 2026 Patch Tuesday highlights this vulnerability as part of a significant security update, which addressed 115 total vulnerabilities including eight critical issues and three zero-day vulnerabilities. The CVE is receiving attention due to its potential for active exploitation and its inclusion in the month's critical security patches.

Vulnerability: A heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) enables unauthorized remote code execution, potentially compromising network-connected Windows systems running vulnerable RRAS configurations.

Trending: Microsoft's January 2026 Patch Tuesday highlights this vulnerability as part of a broader security update addressing 112 total defects, with particular attention given to its active exploitation status and potential network-level impact.

Vulnerability: A type confusion vulnerability in the Windows Ancillary Function Driver for WinSock enables local privilege escalation for authorized attackers. The vulnerability allows an attacker to potentially gain elevated system permissions through a type-related exploit.

Trending: Microsoft's January 2026 Patch Tuesday highlighted this vulnerability among eight critical security issues, with active exploitation noted in early reports. Cybersecurity firms and enterprise security teams are closely monitoring the patch, given the potential for local privilege escalation and the vulnerability's presence in Windows systems.

Vulnerability: A heap-based buffer overflow in Windows NTFS file system allows an authorized local attacker to potentially execute arbitrary code on the affected Windows systems.

Trending: Microsoft's January 2026 Patch Tuesday highlighted this vulnerability among eight critical issues, with notable attention due to active exploitation and its potential impact on enterprise environments. News sources emphasized the vulnerability as part of a broader security update addressing 115 total vulnerabilities.

Vulnerability: A privilege escalation vulnerability in Windows Routing and Remote Access Service (RRAS) enables an authorized local attacker to improperly access and elevate system privileges, potentially compromising Windows system security.

Trending: Microsoft's January 2026 Patch Tuesday highlighted this vulnerability among eight critical and 115 total security updates, with the patch drawing attention due to active exploitation and potential enterprise impact. Security experts are emphasizing the importance of timely updates to mitigate potential system risks.

Vulnerability: Windows Error Reporting contains a vulnerability that allows an authorized local attacker to potentially elevate privileges through improper handling of insufficient permissions or system privileges.

Trending: Microsoft's January 2026 Patch Tuesday highlights this vulnerability among eight critical security issues, with widespread industry attention due to active exploitation and the potential impact on enterprise Windows environments. The vulnerability is part of a larger patch addressing 115 total vulnerabilities, including multiple zero-day exploits.

Vulnerability: A use-after-free vulnerability in Microsoft Graphics Component enables an authorized local attacker to potentially elevate privileges on affected Microsoft systems.

Trending: Microsoft's January 2026 Patch Tuesday addressed this vulnerability alongside 114 total CVEs, with the patch highlighted as part of a broader security update that included eight critical and three zero-day vulnerabilities, drawing significant cybersecurity community attention.

Vulnerability: An integer underflow vulnerability in Microsoft Office Excel that enables unauthorized local code execution by an attacker. The vulnerability could potentially allow remote code execution through maliciously crafted Excel files.

Trending: The vulnerability is part of Microsoft's January 2026 Patch Tuesday release, which addressed 115 total vulnerabilities, including eight critical and three zero-day vulnerabilities. One of these vulnerabilities was confirmed as actively exploited, generating significant interest in cybersecurity circles.

Vulnerability: A use-after-free vulnerability in Windows Local Security Authority Subsystem Service (LSASS) enables an authorized attacker to execute code over a network. The vulnerability impacts Windows systems and their network-connected environments.

Trending: Microsoft's January 2026 Patch Tuesday addressed this vulnerability among 114 total CVEs, with eight critical vulnerabilities and significant industry attention. The CVE was highlighted as part of a broader security update addressing multiple potential network and system exploits.

Vulnerability: A Secure Boot Security Feature Bypass Vulnerability in Microsoft Windows that could potentially allow unauthorized modification of system boot processes or compromise system security integrity.

Trending: Microsoft's January 2026 Patch Tuesday addressed this vulnerability among 113 other security holes, with eight rated as critical and some already being actively exploited in the wild, drawing significant cybersecurity community attention.

Vulnerability: An arbitrary file deletion vulnerability has been discovered in the system function of mobility conductors running the AOS-8 operating system. This vulnerability could allow an unauthenticated remote attacker to delete arbitrary files, potentially causing denial-of-service conditions.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.2 and the potential for remote exploitation without authentication. Multiple infosec sources are highlighting the risk and spreading awareness through social media channels using cybersecurity hashtags.

Vulnerability: Substance3D Modeler versions 1.22.4 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a user opens a malicious file. The vulnerability impacts the current user context and requires user interaction to exploit.

Trending: Cybersecurity platforms are discussing the vulnerability due to its high severity rating of 7.8 and potential for code execution. The issue is gaining attention in infosec communities on platforms like Mastodon, with multiple posts highlighting the potential security risks.

Vulnerability: iccDEV libraries contain a heap-based buffer overflow vulnerability in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp affecting users processing ICC color management profiles. The vulnerability exists in versions prior to 2.3.1.2 and can potentially allow unauthorized code execution.

Trending: The vulnerability is being discussed across cybersecurity networks with a reported severity rating of 8.8. Social media mentions highlight the potential risks to systems using iccDEV libraries, with cybersecurity professionals sharing details about the heap-based buffer overflow and its implications.

Vulnerability: YesWiki, a PHP wiki system, has a cross-site scripting (XSS) vulnerability in the /?BazaR endpoint and idformulaire parameter prior to version 4.5.4. An attacker can exploit this vulnerability to steal authenticated user cookies and potentially take over sessions or deface websites.

Trending: Social media sources indicate that exploit code for this vulnerability has been confirmed through the Nuclei vulnerability scanner, suggesting active interest in the potential attack vector and raising awareness among cybersecurity professionals.

Vulnerability: A command injection vulnerability exists in the screenshot API of the Web Check OSINT tool, allowing attackers to execute arbitrary system commands by passing malicious url parameters. The vulnerability stems from unsanitized user input being passed directly into a shell command using exec().

Trending: The vulnerability is generating significant attention due to confirmed exploit code availability, including modules in Metasploit, proof-of-concept code on GitHub, and listing in the Vulncheck Known Exploited Vulnerabilities (KEV) database.

Vulnerability: The Brevo for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting through the 'user_connection_id' parameter in versions up to 4.0.49. Unauthenticated attackers can inject arbitrary web scripts that will execute when users access an infected page.

Trending: The vulnerability is gaining attention due to confirmed exploit code being identified by Vulncheck KEV. Social media sources are highlighting the potential for active exploitation of this cross-site scripting vulnerability in WordPress websites.