Total CVEs: 141,492
Critical Severity: 3,867
High Severity: 13,899
Last 7 Days: 1,601
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,941 - 12,960 of 13,594 CVEs
CVE-2020-36927 HIGH - 7.8

DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject...

Vendor: Diskpulse
Product: DiskPulse
Published: Jan 16, 2026
Source: NVD
CVE-2020-36926 HIGH - 7.5

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique iden...

Vendor: Smartertools
Product: SmarterTools SmarterTrack
Published: Jan 16, 2026
Source: NVD
CVE-2026-22863 HIGH - 7.5

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server se...

Vendor: deno
Product: deno
Published: Jan 15, 2026
Source: NVD
CVE-2026-22045 HIGH - 7.5

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when t...

Vendor: traefik
Product: traefik
Published: Jan 15, 2026
Source: NVD
CVE-2026-0915 HIGH - 7.5

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Vendor: gnu
Product: glibc
Published: Jan 15, 2026
Source: NVD
CVE-2025-67823 HIGH - 8.2

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interact...

Vendor: mitel
Product: cx
Published: Jan 15, 2026
Source: NVD
CVE-2026-21920 HIGH - 7.5

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing receives a specifically formatted DNS request flowd wi...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21918 HIGH - 7.5

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of p...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21917 HIGH - 7.5

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21914 HIGH - 7.5

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21913 HIGH - 7.5

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high ...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21908 HIGH - 7.1

A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially ...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21906 HIGH - 7.5

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IP...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21905 HIGH - 7.5

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-70893 HIGH - 8.8

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL ex...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-60003 HIGH - 7.5

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attr...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-59960 HIGH - 7.4

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP s...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2024-48077 HIGH - 7.5

An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services.

Vendor: emqx
Product: nanomq
Published: Jan 15, 2026
Source: NVD
CVE-2026-22803 HIGH - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a ...

Vendor: svelte
Product: kit
Published: Jan 15, 2026
Source: NVD
CVE-2026-22775 HIGH - 7.5

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse in...

Vendor: svelte
Product: devalue
Published: Jan 15, 2026
Source: NVD