CVE CyberSecurity Database News (Page 13)

Jan 26, 2026 Microsoft

CVE-2026-21509 - How a Microsoft Office Bug Lets Attackers Bypass Security Using Untrusted Inputs

In early 2026, a new vulnerability was disclosed affecting Microsoft Office, tagged as CVE-2026-21509. This bug highlights how relying on untrusted user input can open

Jan 25, 2026 Exploit

CVE-2026-22998 - Critical Linux Kernel nvme-tcp NULL Pointer Dereference (Exploit & Details)

In early 2026, a serious vulnerability was discovered and resolved in the Linux kernel’s NVMe over TCP code (nvmet-tcp), tracked as CVE-2026-22998. This bug

Jan 23, 2026

CVE-2025-3839 - How Epiphany Browser's External App Handling Opens Doors for Remote Exploits

In early 2025, security researchers uncovered a serious vulnerability in the Epiphany browser, also known as GNOME Web. This flaw, now tracked as CVE-2025-3839, could

Jan 22, 2026

CVE-2025-22234 - How a Fix Broke Timing Attack Mitigation in DaoAuthenticationProvider (And Why It Matters)

Security fixes don’t always go as planned. In early 2025, a patch meant to address a separate vulnerability (CVE-2025-22228) in a widely-used authentication framework

Jan 22, 2026 RCE API Java

CVE-2026-1225 - ACE Vulnerability in Logback-core Configuration – How Logback Up to 1.5.24 Allows Dangerous Class Instantiation

On February 2026, a critical issue was discovered in the popular Java logging library, logback-core, up to and including version 1.5.24, maintained by