Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,602
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,241 - 13,260 of 13,618 CVEs
CVE-2025-40944 HIGH - 7.5

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLU...

Published: Jan 13, 2026
Source: NVD
CVE-2025-40942 HIGH - 7.8

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

Vendor: siemens
Product: telecontrol_server_basic
Published: Jan 13, 2026
Source: NVD
CVE-2025-41717 HIGH - 8.8

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code...

Published: Jan 13, 2026
Source: NVD
CVE-2025-66177 HIGH - 8.8

There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Published: Jan 13, 2026
Source: NVD
CVE-2025-66176 HIGH - 8.8

There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Vendor: hikvision
Product: ds-k1t331_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2026-0511 HIGH - 8.1

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application; availability is not impacted.

Published: Jan 13, 2026
Source: NVD
CVE-2026-0507 HIGH - 8.4

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execu...

Published: Jan 13, 2026
Source: NVD
CVE-2026-0506 HIGH - 8.1

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs a...

Vendor: sap
Product: netweaver_application_server_abap
Published: Jan 13, 2026
Source: NVD
CVE-2026-0500 HIGH - 8.8

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope ...

Vendor: sap
Product: introscope_enterprise_manager
Published: Jan 13, 2026
Source: NVD
CVE-2026-0498 HIGH - 7.2

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effe...

Vendor: sap
Product: s/4_hana
Published: Jan 13, 2026
Source: NVD
CVE-2026-0492 HIGH - 8.8

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system's confidentiality, integrity, and availability.

Published: Jan 13, 2026
Source: NVD
CVE-2026-22812 HIGH - 8.8

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Vendor: anoma
Product: opencode
Published: Jan 12, 2026
Source: NVD
CVE-2026-22801 HIGH - 7.8

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap bu...

Vendor: libpng
Product: libpng
Published: Jan 12, 2026
Source: NVD
CVE-2026-22695 HIGH - 7.1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with ...

Vendor: libpng
Product: libpng
Published: Jan 12, 2026
Source: NVD
CVE-2025-15514 HIGH - 7.5

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid me...

Vendor: ollama
Product: ollama
Published: Jan 12, 2026
Source: NVD
CVE-2024-58340 HIGH - 7.5

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions fr...

Vendor: langchain
Product: langchain
Published: Jan 12, 2026
Source: NVD
CVE-2024-58339 HIGH - 7.5

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without...

Vendor: llamaindex
Product: llamaindex
Published: Jan 12, 2026
Source: NVD
CVE-2024-14021 HIGH - 7.8

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir w...

Vendor: llamaindex
Product: llamaindex
Published: Jan 12, 2026
Source: NVD
CVE-2026-22799 HIGH - 8.8

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key ...

Vendor: emlog
Product: emlog
Published: Jan 12, 2026
Source: NVD
CVE-2026-22794 HIGH - 8.8

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generate...

Vendor: appsmith
Product: appsmith
Published: Jan 12, 2026
Source: NVD