Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,787
Quick preset (or use dates below)
Clear Filters
Showing 12,881 - 12,900 of 14,675 CVEs
CVE-2026-22796 MEDIUM - 5.3

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An applicatio...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2026-22795 MEDIUM - 5.5

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A typ...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-69418 MEDIUM - 4.0

Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 b...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-68160 MEDIUM - 4.7

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-66199 MEDIUM - 5.9

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and e...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-55095 MEDIUM - 4.2

The function _ux_host_class_storage_media_mount()Β is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_stor...

Vendor: Eclipse Foundation
Product: Eclipse ThreadX - USBX
Published: Jan 27, 2026
Source: NVD
CVE-2025-28164 MEDIUM - 5.5

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

Published: Jan 27, 2026
Source: NVD
CVE-2025-28162 MEDIUM - 5.5

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

Published: Jan 27, 2026
Source: NVD
CVE-2025-15469 MEDIUM - 5.5

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-15468 MEDIUM - 5.9

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Serv...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2025-11187 MEDIUM - 6.1

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of...

Vendor: OpenSSL
Product: OpenSSL
Published: Jan 27, 2026
Source: NVD
CVE-2020-36950 MEDIUM - 6.5

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

Vendor: Laravel Holdings Inc.
Product: Laravel Nova
Published: Jan 27, 2026
Source: NVD
CVE-2026-1489 MEDIUM - 5.4

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. ...

Published: Jan 27, 2026
Source: NVD
CVE-2026-1484 MEDIUM - 4.2

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted ...

Published: Jan 27, 2026
Source: NVD

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.

Vendor: pip
Product: askbot
Published: Jan 27, 2026
Source: NVD
CVE-2025-41728 MEDIUM - 5.3

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially co...

Vendor: Beckhoff Automation
Product: Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT/BSD, MDP for Beckhoff RT Linux(R)
Published: Jan 27, 2026
Source: NVD
CVE-2026-24829 MEDIUM - 6.5

Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

Vendor: Is-Daouda
Product: is-Engine
Published: Jan 27, 2026
Source: NVD
CVE-2026-1467 MEDIUM - 6.1

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a...

Published: Jan 27, 2026
Source: NVD

Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.

Vendor: foxinmy
Product: weixin4j
Published: Jan 27, 2026
Source: NVD

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...

Vendor: liuyueyi
Product: quick-media
Published: Jan 27, 2026
Source: NVD