Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,101 - 3,120 of 3,131 CVEs
CVE-2025-69275 MEDIUM - 6.1

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69274 HIGH - 8.8

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69273 HIGH - 7.5

Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69272 HIGH - 7.5

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69271 HIGH - 7.5

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69270 CRITICAL - 9.8

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69269 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69268 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69267 MEDIUM - 6.5

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-52694 CRITICAL - 9.8

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

Vendor: advantech
Product: iot_edge_linux_docker
Published: Jan 12, 2026
Source: NVD
CVE-2026-22584 CRITICAL - 9.8

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

Vendor: salesforce
Product: uni2ts
Published: Jan 09, 2026
Source: NVD
CVE-2019-25291 HIGH - 7.5

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving de...

Published: Jan 08, 2026
Source: NVD
CVE-2025-66560 MEDIUM - 5.9

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writte...

Published: Jan 07, 2026
Source: NVD

Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execu...

Published: Jan 07, 2026
Source: NVD
CVE-2025-0980 MEDIUM - 6.4

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

Published: Jan 07, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values, but d...

Published: Jan 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing ssk...

Published: Jan 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag.

Published: Jan 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers....

Published: Jan 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in __flush_work) occurs because the cle...

Published: Jan 05, 2026
Source: NVD