Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2026-1485 Security Risk Analysis
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Score: 2.8/10
🟢 Low Risk
Published on 27 Jan 2026, 14:15 UTC (only 20 minutes ago)
-
CVE-2026-1484 Risk & Patch Advisory
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Score: 4.2/10
⚠️ Medium Risk
Published on 27 Jan 2026, 14:15 UTC (only 20 minutes ago)
-
CVE-2026-1213 Security Notice
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2.
⏳ Analysis in Progress
27 Jan 2026, 14:15 UTC (20 minutes ago)
-
CVE-2025-41728 Exploit & Mitigation Report
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
Score: 5.3/10
🚨 Significant Risk
Published on 27 Jan 2026, 12:15 UTC (only 2 hours ago)
-
CVE-2025-41727 Exploitable Vulnerability Warning
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Score: 7.8/10
🔥 Very High Risk
Published on 27 Jan 2026, 12:15 UTC (only 2 hours ago)
-
CVE-2025-41726 Immediate Threat Report
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
Score: 8.8/10
☠️ Severe Risk
Published on 27 Jan 2026, 12:15 UTC (only 2 hours ago)
-
CVE-2025-12387 Security Notice
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing a non-existing language parameter. This renders the server unable to serve the correct lang.js file, which causes the administrator panel to stop working, resulting in DoS until the language setting is reverted to a correct value. The denial of service affects only the administrator panel and does not affect other router functionalities.
The vendor was notified early about this vulnerability, but didn't respond with th...
⏳ Analysis in Progress
27 Jan 2026, 12:15 UTC (2 hours ago)
-
CVE-2025-12386 Security Notice
Pix-Link LV-WR21Q does not enforce any form of authentication for the endpoint /goform/getHomePageInfo. A remote unauthenticated attacker is able to use this endpoint to, e.g., retrieve the cleartext password to the access point.
The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
⏳ Analysis in Progress
27 Jan 2026, 12:15 UTC (2 hours ago)
-
CVE-2026-24830 High-Severity Security Breach
Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.
Score: 9.8/10
☠️ Critical Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-24829 High-Risk Security Alert
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Score: 6.5/10
🔥 High Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-24828 Severe Cybersecurity Threat
Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Score: 7.5/10
🔥 Very High Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-24827 Severe Cybersecurity Threat
Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This issue affects Commander-Genius: before Release refs/pull/358/merge.
Score: 7.5/10
🔥 Very High Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-24826 Security Notice
Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects .
⏳ Analysis in Progress
27 Jan 2026, 10:15 UTC (4 hours ago)
-
CVE-2026-24348 Technical Report
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
⏳ Analysis in Progress
27 Jan 2026, 10:15 UTC (4 hours ago)
-
CVE-2026-24347 Technical Report
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory.
⏳ Analysis in Progress
27 Jan 2026, 10:15 UTC (4 hours ago)
-
CVE-2026-24346 Security Notice
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application.
⏳ Analysis in Progress
27 Jan 2026, 10:15 UTC (4 hours ago)
-
CVE-2026-24345 Technical Report
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI.
⏳ Analysis in Progress
27 Jan 2026, 10:15 UTC (4 hours ago)
-
CVE-2026-21417 Critical Risk Assessment
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Score: 7.0/10
🔥 High Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-1467 Critical Risk Assessment
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
Score: 6.1/10
🔥 High Risk
Published on 27 Jan 2026, 10:15 UTC (only 4 hours ago)
-
CVE-2026-24825 Technical Report
Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.
This issue affects ydb: through 24.4.4.2.
⏳ Analysis in Progress
27 Jan 2026, 09:15 UTC (5 hours ago)
What are CVEs?
A Common Vulnerability and Exposure (CVE) is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by The CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Is Tracking CVEs Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.