Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,811
Quick preset (or use dates below)
Clear Filters
Showing 12,841 - 12,860 of 14,271 CVEs
CVE-2025-15348 HIGH - 7.8

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target...

Vendor: Anritsu
Product: ShockLine
Published: Jan 23, 2026
Source: NVD
CVE-2025-15062 HIGH - 7.8

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

Vendor: Trimble
Product: SketchUp
Published: Jan 23, 2026
Source: NVD
CVE-2025-15059 HIGH - 7.8

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...

Vendor: GIMP
Product: GIMP
Published: Jan 23, 2026
Source: NVD
CVE-2025-11002 HIGH - 7.0

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on th...

Vendor: 7-Zip
Product: 7-Zip
Published: Jan 23, 2026
Source: NVD
CVE-2026-24138 HIGH - 7.5

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and f...

Vendor: FOGProject
Product: fogproject
Published: Jan 23, 2026
Source: NVD
CVE-2026-24129 HIGH - 8.0

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager f...

Vendor: runtipi
Product: runtipi
Published: Jan 22, 2026
Source: NVD
CVE-2026-21524 HIGH - 7.4

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2026-21521 HIGH - 7.4

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2026-21520 HIGH - 7.5

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector

Published: Jan 22, 2026
Source: NVD
CVE-2026-21227 HIGH - 8.2

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2025-55705 HIGH - 7.3

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration ...

Vendor: EVMAPA
Product: EVMAPA
Published: Jan 22, 2026
Source: NVD
CVE-2025-53968 HIGH - 7.5

This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. This can overwhelm the authentication system...

Vendor: EVMAPA
Product: EVMAPA
Published: Jan 22, 2026
Source: NVD
CVE-2026-23988 HIGH - 7.3

Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the scr...

Vendor: pbatard
Product: rufus
Published: Jan 22, 2026
Source: NVD
CVE-2026-23954 HIGH - 8.7

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the โ€˜incusโ€™ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file r...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: Jan 22, 2026
Source: GitHub
CVE-2026-23953 HIGH - 8.7

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the โ€˜incusโ€™ group) can create an environment variable containing newlines, which can be used to add additional config...

Vendor: go
Product: github.com/lxc/incus/v6
Published: Jan 22, 2026
Source: GitHub
CVE-2025-66428 HIGH - 8.8

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

Vendor: pip
Product: sentencepiece
Published: Jan 22, 2026
Source: GitHub

Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema ...

Vendor: npm
Product: @orval/mock
Published: Jan 22, 2026
Source: GitHub

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acces...

Vendor: go
Product: d7y.io/dragonfly/v2
Published: Jan 22, 2026
Source: GitHub
CVE-2026-24049 HIGH - 7.1

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archi...

Vendor: pip
Product: wheel
Published: Jan 22, 2026
Source: GitHub