| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability | Microsoft | Windows 10 Version 1607 | High | 7.8 | 2026-01-13 17:56:10 | Deep Dive |
| CVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Microsoft | Windows 10 Version 1809 | High | 7.8 | 2026-01-13 17:56:10 | Deep Dive |
| CVE-2026-20808 | Windows File Explorer Elevation of Privilege Vulnerability | Microsoft | Windows 11 Version 24H2 | High | 7.0 | 2026-01-13 17:56:09 | Deep Dive |
| CVE-2026-20804 | Windows Hello Tampering Vulnerability | Microsoft | Windows 10 Version 1607 | High | 7.7 | 2026-01-13 17:56:08 | Deep Dive |
| CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability | Microsoft | Windows 10 Version 1607 | Medium | 5.5 | 2026-01-13 17:56:08 | Deep Dive |
| CVE-2026-0386 | Windows Deployment Services Remote Code Execution Vulnerability | Microsoft | Windows Server 2008 R2 Service Pack 1 | High | 7.5 | 2026-01-13 17:56:05 | Deep Dive |
| CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability | Microsoft | Windows 10 Version 1607 | Medium | 6.4 | 2026-01-13 17:56:04 | Deep Dive |
| CVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability | Microsoft | Windows 10 Version 1809 | Medium | 4.4 | 2026-01-13 17:56:03 | Deep Dive |
| CVE-2025-67932 | WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability | purethemes | Listeo Core | High | 7.1 | 2026-01-08 09:17:49 | Deep Dive |
| CVE-2025-67919 | WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability | WofficeIO | Woffice Core | Medium | 6.5 | 2026-01-08 09:17:46 | Deep Dive |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | ThimPress | Thim Core | Medium | 4.3 | 2026-01-05 16:42:58 | Deep Dive |
| CVE-2023-49186 | WordPress Machic Core plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability | KlbTheme | Machic Core | High | 7.1 | 2026-01-05 13:27:52 | Deep Dive |
| CVE-2026-21440 | AdonisJS Path Traversal in Multipart File Handling | adonisjs | core | 超危 | - | 2026-01-02 19:02:18 | Deep Dive |
| CVE-2025-62144 | WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability | Mohammed Kaludi | Core Web Vitals & PageSpeed Booster | Medium | 5.4 | 2025-12-31 13:48:58 | Deep Dive |
| CVE-2025-63027 | WordPress WBC907 Core plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability | webcreations907 | WBC907 Core | Medium | 6.5 | 2025-12-30 16:03:32 | Deep Dive |
| CVE-2025-64190 | WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability | 8theme | XStore Core | Medium | 6.5 | 2025-12-30 16:00:52 | Deep Dive |
| CVE-2025-68978 | WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | designthemes | DesignThemes Core | Medium | 6.5 | 2025-12-30 10:47:48 | Deep Dive |
| CVE-2025-13158 | apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker | apiDoc | apidoc-core | 中危 | - | 2025-12-26 16:00:27 | Deep Dive |
| CVE-2025-68572 | WordPress BBP Core plugin <= 1.4.1 - Broken Access Control vulnerability | Spider Themes | BBP Core | Medium | 5.3 | 2025-12-24 13:10:38 | Deep Dive |
| CVE-2025-68161 | Apache Log4j Core: Missing TLS hostname verification in Socket appender | Apache Software Foundation | Apache Log4j Core | - | - | 2025-12-18 20:47:49 | Deep Dive |