Vulnerability List - 2026 2025 2024 2023 2021 2020 2019 2018
| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 30.1.26 | SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score | SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code | Vulnerability | The Hacker News |
| 30.1.26 | SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass | SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical | Vulnerability | The Hacker News |
| 28.1.26 | Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. | Vulnerability | GTI |
| 28.1.26 | Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution | A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. | Vulnerability | The Hacker News |
| 28.1.26 | Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution | Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog | Vulnerability | The Hacker News |
| 28.1.26 | Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected | Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The | Vulnerability | The Hacker News |
| 28.1.26 | Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas | A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result | Vulnerability | The Hacker News |
| 25.1.26 | Fortinet confirms critical FortiCloud auth bypass not fully patched | Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December. | Vulnerability | |
| 25.1.26 | Cisco fixes Unified Communications RCE zero day exploited in attacks | Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. | Vulnerability | |
| 25.1.26 | Fortinet admins report patched FortiGate firewalls getting hacked | Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. | Vulnerability | |
| 25.1.26 | GitLab warns of high-severity 2FA bypass, denial-of-service flaws | GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. | Vulnerability | |
| 25.1.26 | ACF plugin bug gives hackers admin on 50,000 WordPress sites | A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. | Vulnerability | |
| 23.1.26 | Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls | Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have | Vulnerability | The Hacker News |
| 23.1.26 | Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access | A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as | Vulnerability | The Hacker News |
| 22.1.26 | Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex | Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) | Vulnerability | The Hacker News |
| 22.1.26 | CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution | A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary | Vulnerability | The Hacker News |
| 20.1.26 | Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers | Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it | Vulnerability | The Hacker News |
| 19.1.26 | New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs | A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability | Vulnerability | The Hacker News |
| 18.1.26 | Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices | A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations. | Vulnerability | |
| 18.1.26 | Palo Alto Networks warns of DoS bug letting hackers disable firewalls | Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. | Vulnerability | |
| 17.1.26 | Max severity Ni8mare flaw impacts nearly 60,000 n8n instances | Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." | Vulnerability | |
| 16.1.26 | Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login | Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) | Vulnerability | The Hacker News |
| 14.1.26 | Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution | Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The | Vulnerability | The Hacker News |
| 14.1.26 | Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow | Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial- | Vulnerability | The Hacker News |
| 11.1.26 | Trend Micro warns of critical Apex Central RCE vulnerability | Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. | Vulnerability | |
| 10.1.26 | Cisco switches hit by reboot loops due to DNS client bug | Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by BleepingComputer. | Vulnerability | |
| 10.1.26 | Critical jsPDF flaw lets hackers steal secrets via generated PDFs | The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. | Vulnerability | |
| 10.1.26 | Max severity Ni8mare flaw lets hackers hijack n8n servers | A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. | Vulnerability | |
| 10.1.26 | New Veeam vulnerabilities expose backup servers to RCE attacks | Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. | Vulnerability | |
| 10.1.26 | Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions | Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that | Vulnerability | The Hacker News |
| 8.1.26 | Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances | Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. | Vulnerability | The Hacker News |
| 7.1.26 | Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control | Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote | Vulnerability | The Hacker News |
| 7.1.26 | n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions | Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution | Vulnerability | The Hacker News |
| 7.1.26 | Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication | Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The | Vulnerability | The Hacker News |
| 7.1.26 | Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers | A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS | Vulnerability | The Hacker News |
| 7.1.26 | Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover | The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote | Vulnerability | The Hacker News |
| 6.1.26 | New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands | A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system | Vulnerability | The Hacker News |
| 3.1.26 | IBM warns of critical API Connect auth bypass vulnerability | IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. | Vulnerability | |
| 3.1.26 | Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed | A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. | Vulnerability | |