Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 12,141 - 12,160 of 13,433 CVEs
CVE-2026-22264 HIGH - 7.4

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted...

Vendor: OISF
Product: suricata
Published: Jan 27, 2026
Source: NVD
CVE-2020-36983 HIGH - 7.8

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during sys...

Vendor: Pablosoftwaresolutions
Product: Quick 'n Easy FTP Service
Published: Jan 27, 2026
Source: NVD
CVE-2020-36982 HIGH - 7.8

Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privile...

Vendor: Motorola-Device-Manager
Product: Motorola Device Manager
Published: Jan 27, 2026
Source: NVD
CVE-2020-36981 HIGH - 7.8

Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges duri...

Vendor: Filehorse
Product: Motorola Device Manager
Published: Jan 27, 2026
Source: NVD
CVE-2020-36980 HIGH - 7.8

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege...

Vendor: Segurazo
Product: SAntivirus IC
Published: Jan 27, 2026
Source: NVD
CVE-2020-36979 HIGH - 7.8

Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.

Vendor: Atheros
Product: Coex Service Application
Published: Jan 27, 2026
Source: NVD
CVE-2020-36977 HIGH - 7.8

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privileg...

Vendor: Wondershare
Product: Wondershare Driver Install Service help
Published: Jan 27, 2026
Source: NVD
CVE-2020-36976 HIGH - 7.8

Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables th...

Vendor: Acer
Product: Global Registration Service
Published: Jan 27, 2026
Source: NVD
CVE-2020-36975 HIGH - 7.8

EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE...

Vendor: SEIKO EPSON Corp
Product: Status Monitor 3
Published: Jan 27, 2026
Source: NVD
CVE-2020-36974 HIGH - 7.8

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that...

Vendor: Realtek
Product: Realtek Andrea RT Filters
Published: Jan 27, 2026
Source: NVD
CVE-2026-23593 HIGH - 7.5

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Fabric Composer
Published: Jan 27, 2026
Source: NVD
CVE-2026-23592 HIGH - 7.2

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Fabric Composer
Published: Jan 27, 2026
Source: NVD
CVE-2026-22260 HIGH - 7.5

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.

Vendor: OISF
Product: suricata
Published: Jan 27, 2026
Source: NVD
CVE-2025-33234 HIGH - 7.8

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: NVIDIA runx
Published: Jan 27, 2026
Source: NVD
CVE-2026-23881 HIGH - 7.7

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially ...

Vendor: kyverno
Product: kyverno
Published: Jan 27, 2026
Source: NVD
CVE-2026-22259 HIGH - 7.5

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed...

Vendor: OISF
Product: suricata
Published: Jan 27, 2026
Source: NVD
CVE-2026-22258 HIGH - 7.5

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are...

Vendor: OISF
Product: suricata
Published: Jan 27, 2026
Source: NVD
CVE-2026-24875 HIGH - 7.8

Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.

Vendor: yoyofr
Product: modizer
Published: Jan 27, 2026
Source: NVD
CVE-2026-24873 HIGH - 7.8

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.

Vendor: Rinnegatamante
Product: lpp-vita
Published: Jan 27, 2026
Source: NVD
CVE-2026-24869 HIGH - 8.1

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2.

Vendor: Mozilla
Product: Firefox
Published: Jan 27, 2026
Source: NVD