| | CVE-2026-21226 |  Microsoft | high | 7.5 | 1.5%
| | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorize… | Jan 13, 2026 | Feb 5, 2026 |
| | CVE-2026-22791 |  Red Hat | medium | 6.6 | 0.0%
| | openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-21265 | Microsoft | medium | 6.4 | 0.3%
| | Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificate… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-21224 | Microsoft | high | 7.8 | 0.1%
| | Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevat… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-21219 | Microsoft | high | 7.0 | 0.1%
| | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Feb 9, 2026 |
| | CVE-2026-20965 | Microsoft | high | 7.5 | 0.0%
| | Improper verification of cryptographic signature in Windows Admin Center allows an authorized attack… | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20959 | Microsoft | medium | 4.6 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20958 | Microsoft | medium | 5.4 | 0.1%
| | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to d… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20957 | Microsoft | high | 7.8 | 0.1%
| | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to … | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20956 | Microsoft | high | 7.8 | 0.1%
| | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20955 | Microsoft | high | 7.8 | 0.1%
| | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20953 | Microsoft | high | 8.4 | 0.0%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20952 | Microsoft | high | 8.4 | 0.0%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20951 | Microsoft | high | 7.8 | 0.1%
| | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute … | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20950 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20949 | Microsoft | high | 7.8 | 0.0%
| | Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a securi… | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20948 | Microsoft | high | 7.8 | 0.0%
| | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co… | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20947 | Microsoft | high | 8.8 | 0.1%
| | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Of… | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20946 | Microsoft | high | 7.8 | 0.0%
| | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally… | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20944 | Microsoft | high | 8.4 | 0.0%
| | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20943 | Microsoft | high | 7.0 | 0.0%
| | Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2026-20822 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2026-20803 | Microsoft | high | 7.2 | 0.1%
| | Missing authentication for critical function in SQL Server allows an authorized attacker to elevate … | Jan 13, 2026 | Jan 16, 2026 |
| | CVE-2025-37166 |  HPE | high | 7.5 | 0.0%
| | A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device… | Jan 13, 2026 | Feb 26, 2026 |
| | CVE-2025-37165 | HPE | high | 7.5 | 0.0%
| | A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain net… | Jan 13, 2026 | Mar 2, 2026 |
| | CVE-2026-20963 | Microsoft | critical | 9.8 | 6.2%
| ⚠ KEV | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to … | Jan 13, 2026 | Apr 2, 2026 |
| | CVE-2025-67685 |  Fortinet | low | 3.8 | 0.0%
| | A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox … | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2025-64155 | Fortinet | critical | 9.8 | 0.0%
| | An improper neutralization of special elements used in an os command ('os command injection') vulner… | Jan 13, 2026 | Jan 20, 2026 |
| | CVE-2025-59922 | Fortinet | high | 7.2 | 0.1%
| | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerabilit… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2025-58693 | Fortinet | medium | 6.5 | 0.2%
| | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2025-47855 | Fortinet | critical | 9.8 | 1.2%
| | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet Fo… | Jan 13, 2026 | Jan 14, 2026 |
| | CVE-2025-25249 | Fortinet | high | 8.1 | 0.0%
| | A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 th… | Jan 13, 2026 | Feb 23, 2026 |
| | CVE-2026-0891 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird … | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0890 | Red Hat | low | 3.4 | 0.0%
| ✓ Fix | Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefo… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0892 | Red Hat | medium | 6.1 | 0.0%
| | Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0888 | Red Hat | low | 3.4 | 0.0%
| | Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbir… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0889 | Red Hat | low | 3.4 | 0.0%
| | Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 an… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0887 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects F… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0886 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, F… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0885 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ES… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0884 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0883 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefo… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0882 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32,… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0881 | Red Hat | high | 7.5 | 0.0%
| | Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thund… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0879 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability af… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0880 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0878 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vul… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0877 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox … | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2026-0503 |  Check Point | medium | 6.4 | 0.1%
| | Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP E… | Jan 13, 2026 | Jan 13, 2026 |
| | CVE-2025-68783 | Red Hat | low | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-mixer: us16x08: valida… | Jan 13, 2026 | Jan 13, 2026 |