CVE CyberSecurity Database News

Jan 27, 2026 Exploit

CVE-2026-22258 - Suricata DCERPC Buffer Expansion Vulnerability Explained

Suricata is a widely-used open-source engine for network intrusion detection (IDS), intrusion prevention (IPS), and network security monitoring (NSM). In early 2026, a significant vulnerability

Jan 26, 2026 XXE Exploit Java

CVE-2026-24400 - **XXE Vulnerability in AssertJ's XmlStringPrettyFormatter – Exploit Details and Remediation Guide

AssertJ is one of the most popular libraries for fluent assertions in Java testing. While it makes tests expressive and readable, a serious XML External

Jan 26, 2026 Microsoft

CVE-2026-21509 - How a Microsoft Office Bug Lets Attackers Bypass Security Using Untrusted Inputs

In early 2026, a new vulnerability was disclosed affecting Microsoft Office, tagged as CVE-2026-21509. This bug highlights how relying on untrusted user input can open

Jan 23, 2026

CVE-2025-3839 - How Epiphany Browser's External App Handling Opens Doors for Remote Exploits

In early 2025, security researchers uncovered a serious vulnerability in the Epiphany browser, also known as GNOME Web. This flaw, now tracked as CVE-2025-3839, could

Jan 22, 2026

CVE-2025-22234 - How a Fix Broke Timing Attack Mitigation in DaoAuthenticationProvider (And Why It Matters)

Security fixes don’t always go as planned. In early 2025, a patch meant to address a separate vulnerability (CVE-2025-22228) in a widely-used authentication framework