Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
Showing 13,301 - 13,320 of 14,327 CVEs
CVE-2021-47827 HIGH - 7.5

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input fi...

Vendor: WebSSH
Product: WebSSH for iOS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47826 HIGH - 7.8

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that ...

Vendor: Acer
Product: Acer Backup Manager Module
Published: Jan 16, 2026
Source: NVD
CVE-2021-47825 HIGH - 7.8

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permi...

Vendor: Acer
Product: Acer Updater Service
Published: Jan 16, 2026
Source: NVD
CVE-2021-47824 HIGH - 7.5

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash.

Vendor: Splinterware
Product: iDailyDiary
Published: Jan 16, 2026
Source: NVD
CVE-2021-47823 HIGH - 7.8

Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions...

Vendor: Acer
Product: ePowerSvc
Published: Jan 16, 2026
Source: NVD
CVE-2021-47822 HIGH - 7.8

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level ac...

Vendor: Diskboss
Product: DiskBoss Service
Published: Jan 16, 2026
Source: NVD
CVE-2021-47821 HIGH - 7.5

RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger applic...

Vendor: Raimersoft
Product: RarmaRadio
Published: Jan 16, 2026
Source: NVD
CVE-2021-47818 HIGH - 7.5

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.

Vendor: dupterminator
Product: DupTerminator
Published: Jan 16, 2026
Source: NVD
CVE-2021-47816 HIGH - 8.8

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with...

Vendor: Thecus
Product: Thecus N4800Eco Nas Server Control Panel
Published: Jan 16, 2026
Source: NVD
CVE-2025-31510 HIGH - 7.2

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.

Vendor: lemonldap-ng
Product: LemonLDAP::NG
Published: Jan 16, 2026
Source: NVD
CVE-2025-24528 HIGH - 7.1

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Vendor: MIT
Product: Kerberos 5
Published: Jan 16, 2026
Source: NVD
CVE-2024-44238 HIGH - 7.8

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.

Vendor: Apple
Product: iOS and iPadOS
Published: Jan 16, 2026
Source: NVD
CVE-2026-23529 HIGH - 7.7

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configuration...

Vendor: Aiven-Open
Product: bigquery-connector-for-apache-kafka
Published: Jan 16, 2026
Source: NVD
CVE-2025-71020 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 16, 2026
Source: NVD
CVE-2025-70746 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 16, 2026
Source: NVD
CVE-2025-68921 HIGH - 7.8

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

Vendor: steelseries
Product: nahimic
Published: Jan 16, 2026
Source: NVD
CVE-2026-0616 HIGH - 7.5

TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

Vendor: thelibrarian
Product: the_librarian
Published: Jan 16, 2026
Source: NVD
CVE-2026-0615 HIGH - 7.3

The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.

Vendor: thelibrarian
Product: the_librarian
Published: Jan 16, 2026
Source: NVD
CVE-2026-0613 HIGH - 7.5

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fi...

Vendor: thelibrarian
Product: the_librarian
Published: Jan 16, 2026
Source: NVD
CVE-2026-0612 HIGH - 7.5

The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions ...

Vendor: thelibrarian
Product: the_librarian
Published: Jan 16, 2026
Source: NVD