Prioritize what attackers can use now
Start with critical and known-exploited vulnerabilities, then narrow by vendor, product, weakness, sector signal, and update recency.
A structured vulnerability intelligence surface for security teams: natural-language CVE discovery, precise filters, affected products, CVSS/CWE context, KEV signals, source attribution, and Glexia's expert analysis where available.
The public library indexes published CVE records from the official CVE List V5 source. Natural-language discovery and precise filters work together so every displayed result stays grounded in published records.
Every page links back to CVE List V5 source data and exposes official record downloads when the source payload is available.
Use the ATT&CK reference to review likely behavior context, telemetry, and mitigations without treating inferred lookups as official mappings.
Glexia's expert analysis is published only after validation checks pass, giving practitioners practical triage and remediation guidance.
Search and detail pages stay grounded in published CVE List V5 records. Download the latest full baseline, the latest hourly differential, and the delta log when source files are available.
Daily all_CVEs_at_midnight ZIP from the official cvelistV5 GitHub release.
Hourly delta_CVEs ZIP from the official cvelistV5 GitHub release.
Official cvelistV5 deltaLog.json for recently changed CVE records.
Every result starts with the official CVE record. Glexia's analysts work across the library to add plain-English context, helping teams understand exposure, urgency, and practical next steps without wading through raw record text.
Showing 1-25 of 339,562 records · Page 1 of 13,583
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack needs to be initiated within the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12223 affects Yealink SIP-T46U phones running version 108.86.0.118. A local-network attacker with low privileges could inject operating-system commands through the phone’s web FastCGI service. Public exploit material is reported, but the sources do not show confirmed active exploitation. Vendor response and fixed firmware are not identified in the provided sources.
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12222 affects Yealink SIP-T46U phones running version 108.86.0.118. A local-network attacker with low privileges could trigger a memory corruption flaw in a web service endpoint. Public exploit material is reported, but CISA KEV is not listed and the sources do not show confirmed active exploitation.
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12221 is a high-severity flaw in Yealink SIP-T46U firmware version 108.86.0.118. A local-network attacker with low privileges could trigger a stack buffer overflow during firmware chunk upload handling. Public exploit material is reported, but the provided sources do not show active exploitation or a vendor patch.
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12220 affects Yealink SIP-T46U firmware 108.86.0.118. A local-network attacker with low privileges could trigger a stack-based buffer overflow in a firmware chunk upload API. The public record says exploit details were disclosed, but there is no KEV listing or cited evidence of active exploitation.
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12219 affects Yealink SIP-T46U phones running firmware 108.86.0.118. A remote authenticated user may inject operating-system commands through the phone’s web diagnosis function. Public sources say exploit material has been published, but they do not show confirmed active exploitation.
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12218 affects Yealink SIP-T46U phones running version 108.87.50.1. A local-network attacker with low privileges could trigger a stack buffer overflow in the phone’s web FastCGI service. Public exploit information is reported, but CISA KEV does not list active exploitation in the provided sources.
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
DVDFab Virtual Drive 2.0.0.5 includes a signed Windows kernel driver, dvdfabio.sys, with improper privilege management. A local user could abuse it to gain higher privileges on the machine. This is most urgent where the product is installed on workstations or servers used by standard users.
A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of the argument count_instr can lead to memory corruption. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12216 is a memory corruption issue in Duktape, an embeddable JavaScript engine. It requires local access, so it is not described as remotely exploitable. A public exploit reference exists, but the sources do not show active exploitation. Business urgency is moderate, especially for products or appliances embedding affected Duktape versions.
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12214 affects Qihoo 360 Total Security 6.0. A local user can reportedly bypass a protection mechanism in the Nucleus Engine component. This matters most on endpoints where untrusted users or malware already have local access. Public exploit material is referenced, but the sources do not show confirmed active exploitation.
A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12213 is an improper authorization issue in Huly Platform through 0.7.0. A logged-in remote user may access limited user information they should not be allowed to see. Public exploit information exists, but the provided sources do not show active exploitation or a vendor fix.
A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12212 is an access-control flaw in Huly Platform’s RPC interface affecting versions up to 0.7.0. A low-privileged remote user may be able to access mailbox secret data through getMailboxSecret. Public disclosure exists, but the provided sources do not show confirmed active exploitation.
A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVE-2026-12211 affects the Intelbras iNVU 7016 FT web interface. A high-privileged remote user could abuse the syslog file-loading path to traverse directories and read limited data. The vendor reportedly released a fixed version. Risk is moderated by required privileges, but public exploit information increases urgency for exposed devices.
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12210 is a server-side request forgery issue in python-utcp 1.1.0 affecting utcp-gql/utcp-websocket. A remote authenticated attacker may be able to make the server send unintended requests, potentially reaching internal resources. Public exploit information is reported, but active exploitation is not confirmed by KEV or the provided sources.
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
CVE-2026-4887 affects GIMP when a user opens a malicious PCX image. The likely impact is application crash and limited memory disclosure, not system takeover. Business urgency is moderate: prioritize endpoints or servers where GIMP is installed and users handle untrusted image files.
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372 is a libssh cryptographic error-handling flaw. In affected builds, a failed key-derivation operation may be treated as successful, causing SSH sessions to use uninitialized keys. That can weaken confidentiality, integrity, and availability, but the published severity is medium and exploitation is not reported in the provided sources.
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12209 affects RubyLouvre avalon’s template filter handling. A remote attacker may be able to modify JavaScript object prototypes, which can undermine application logic and potentially lead to code injection impacts. Public exploit material is referenced, but active exploitation is not confirmed by KEV or the provided sources.
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
CVE-2026-4775 is a high-severity libtiff flaw. A malicious TIFF image can trigger memory corruption when opened or processed, potentially crashing the application or enabling code execution. Business risk is highest where Red Hat systems process untrusted image files, such as document intake, uploads, conversion services, or desktop workflows.
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12208 is a prototype pollution issue in the jsonata JavaScript library through version 2.2.0. A remote, unauthenticated attacker may be able to alter object prototype attributes when affected functionality processes attacker-controlled input. Public exploit material is referenced, but the provided sources do not show confirmed active exploitation.
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12207 affects medkey-org medkey’s HTTP REST API. A logged-in remote user may manipulate a patient ID parameter to access an unintended patient resource. The public record says exploit material is available, but there is no KEV listing or cited evidence of active exploitation.
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12206 is a SQL injection issue in Grit42 Grit through 0.11.0. A remote authenticated user may be able to interfere with database queries, affecting confidentiality, integrity, and availability. Public exploit material is referenced, but the provided sources do not show confirmed active exploitation.
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
ShopXO has a reported authorization bypass in its scheduled task endpoint. A remote unauthenticated attacker may be able to trigger order and goods-integral related cron functions. Public exploit material is referenced, but active exploitation is not confirmed by KEV or the provided sources.
A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability".
CVE-2026-12203 exposes research export data in HKUDS AI-Trader through an endpoint that did not require proper authentication or capability checks. The reported endpoint is /api/research/agents.csv. The issue is remotely reachable, and public exploit information is reported, but it is not listed in CISA KEV.
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12202 is a cross-site scripting issue in Intelliants Subrion CMS 4.0.0 through 4.0.3. It affects the Blocks Endpoint via the CSS class name argument. The rating is medium, but public exploit information exists. The available sources do not show confirmed active exploitation or an official vendor fix.
A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12201 affects IObit Malware Fighter versions 13.0 through 13.2.0. A local, already-authenticated user may abuse DLL handling permission weaknesses to impact confidentiality, integrity, and availability at a limited level. Public exploit material is referenced, but the source bundle does not show confirmed active exploitation.
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12200 is a remotely reachable buffer overflow in Ritlabs TinyWeb Server for Win32 through version 1.94. A malicious Authorization header can crash or potentially compromise the service. Public exploit information is referenced, but the provided sources do not show confirmed active exploitation or a vendor fix.