COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

12:51:37 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

12:51:37 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

2026-W05

2026-01-26 00:00 UTC 2026-02-01 23:59 UTC

← 2026-W04 all weeks 2026-W06 →

// total

0

// critical

0

// high

0

// medium

0

// low

0

// new kev

7

// top critical

No CRITICAL CVEs published this week.

// top high

No HIGH CVEs published this week.

// new kev additions

CVE-2026-1281NONEKEV
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVE-2026-24858NONEKEV
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
CVE-2026-23760NONEKEV

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. This could allow an unauthenticated attacker to supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.

CVE-2026-21509NONEKEV

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.

CVE-2018-14634NONEKEV

Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

CVE-2025-52691NONEKEV

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

CVE-2026-24061NONEKEV

GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational