Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,101 - 13,120 of 13,618 CVEs
CVE-2025-37186 HIGH - 7.8

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2026-21307 HIGH - 7.8

Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_designer
Published: Jan 13, 2026
Source: NVD
CVE-2026-21306 HIGH - 7.8

Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_sampler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21305 HIGH - 7.8

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_painter
Published: Jan 13, 2026
Source: NVD
CVE-2026-21287 HIGH - 7.8

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_stager
Published: Jan 13, 2026
Source: NVD
CVE-2025-68931 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68704 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68703 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68702 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68701 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68698 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-37178 HIGH - 7.5

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37176 HIGH - 7.2

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges o...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37175 HIGH - 7.2

An arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary commands ...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37174 HIGH - 7.2

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary comman...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37173 HIGH - 7.2

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected sy...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37172 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37171 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37170 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37169 HIGH - 7.2

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD