Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,871
Quick preset (or use dates below)
Clear Filters
Showing 13,361 - 13,380 of 14,327 CVEs
CVE-2021-47786 HIGH - 7.5

Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.

Vendor: Redragon
Product: Redragon Gaming Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47782 HIGH - 8.2

Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate Postg...

Vendor: Odinesolutions
Product: Odine Solutions GateKeeper
Published: Jan 16, 2026
Source: NVD
CVE-2021-47780 HIGH - 7.8

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions d...

Vendor: macro-expert
Product: macro_expert
Published: Jan 16, 2026
Source: NVD
CVE-2021-47779 HIGH - 7.2

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text...

Vendor: Dolibarr
Product: CRM
Published: Jan 16, 2026
Source: NVD
CVE-2021-47756 HIGH - 8.4

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

Vendor: Laravel
Product: Laravel Valet
Published: Jan 16, 2026
Source: NVD
CVE-2020-36930 HIGH - 7.8

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious execu...

Vendor: Sysgauge
Product: SysGauge
Published: Jan 16, 2026
Source: NVD
CVE-2020-36929 HIGH - 7.8

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and ...

Vendor: Support
Product: Brother BRPrint Auditor
Published: Jan 16, 2026
Source: NVD
CVE-2020-36928 HIGH - 7.8

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.

Vendor: Brother
Product: Brother BRAgent
Published: Jan 16, 2026
Source: NVD
CVE-2020-36927 HIGH - 7.8

DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject...

Vendor: Diskpulse
Product: DiskPulse
Published: Jan 16, 2026
Source: NVD
CVE-2020-36926 HIGH - 7.5

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique iden...

Vendor: Smartertools
Product: SmarterTools SmarterTrack
Published: Jan 16, 2026
Source: NVD
CVE-2026-22863 HIGH - 7.5

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server se...

Vendor: deno
Product: deno
Published: Jan 15, 2026
Source: NVD
CVE-2026-22045 HIGH - 7.5

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when t...

Vendor: traefik
Product: traefik
Published: Jan 15, 2026
Source: NVD
CVE-2026-0915 HIGH - 7.5

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Vendor: gnu
Product: glibc
Published: Jan 15, 2026
Source: NVD
CVE-2025-67823 HIGH - 8.2

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interact...

Vendor: mitel
Product: cx
Published: Jan 15, 2026
Source: NVD
CVE-2026-21920 HIGH - 7.5

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd wi...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21918 HIGH - 7.5

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of p...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21917 HIGH - 7.5

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21914 HIGH - 7.5

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21913 HIGH - 7.5

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high ...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21908 HIGH - 7.1

A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially ...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD