Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,614
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,221 - 13,240 of 13,618 CVEs
CVE-2025-71027 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71026 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71025 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71024 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71023 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-70753 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax1806_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-66698 HIGH - 8.6

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.

Published: Jan 13, 2026
Source: NVD
CVE-2025-36640 HIGH - 8.8

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2025-13447 HIGH - 8.4

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters.

Published: Jan 13, 2026
Source: NVD
CVE-2025-13444 HIGH - 8.4

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters.

Published: Jan 13, 2026
Source: NVD
CVE-2026-0891 HIGH - 8.1

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0889 HIGH - 7.5

Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0882 HIGH - 8.8

Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0880 HIGH - 8.8

Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0878 HIGH - 8.0

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0877 HIGH - 8.1

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2025-11669 HIGH - 8.1

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

Published: Jan 13, 2026
Source: NVD
CVE-2025-13774 HIGH - 8.8

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

Published: Jan 13, 2026
Source: NVD
CVE-2026-0859 HIGH - 7.8

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...

Vendor: typo3
Product: typo3
Published: Jan 13, 2026
Source: NVD
CVE-2025-59022 HIGH - 8.1

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailab...

Vendor: typo3
Product: typo3
Published: Jan 13, 2026
Source: NVD