Monday, January 19, 2026 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Risk scores will be adjusted based on your selected environment

Archived Security Brief

Yesterday's disclosures contained zero critical-severity CVEs, a significant decrease from the prior day's two critical vulnerabilities. High-priority vulnerabilities dropped 60% to 21 entries compared to 53 previously. Four actively exploited vulnerabilities were added to the KEV catalog, including CVE-2009-0556 affecting Microsoft Office, CVE-2025-37164 in HPE OneView, CVE-2025-8110 targeting Gogs, and CVE-2026-20805 impacting Microsoft Windows. All four KEV entries carry CVSS scores of 9.5, indicating severe impact potential despite the absence of newly disclosed critical CVEs. Patch availability stands at 0%, indicating these vulnerabilities currently lack vendor-supplied fixes.

  • Zero critical CVEs disclosed, down from 2 the prior day (-100%)
  • 21 high-priority vulnerabilities, reduced from 53 (-60%)
  • 4 actively exploited vulnerabilities added to KEV catalog
  • 0% patch availability across disclosed vulnerabilities
  • Affected vendors include Microsoft, HPE, and Gogs

Immediate action: Organizations running Microsoft Office, Microsoft Windows, HPE OneView, or Gogs should prioritize reviewing these actively exploited vulnerabilities for potential exposure. With no patches currently available, implement compensating controls such as network segmentation, access restrictions, and enhanced monitoring for affected systems.

πŸ’‘ Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

Section Navigation