Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,871
Quick preset (or use dates below)
Clear Filters
Showing 13,381 - 13,400 of 14,327 CVEs
CVE-2026-21906 HIGH - 7.5

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IP...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21905 HIGH - 7.5

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-70893 HIGH - 8.8

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL ex...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-60003 HIGH - 7.5

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attr...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-59960 HIGH - 7.4

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP s...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2024-48077 HIGH - 7.5

An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services.

Vendor: emqx
Product: nanomq
Published: Jan 15, 2026
Source: NVD
CVE-2026-22803 HIGH - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a ...

Vendor: svelte
Product: kit
Published: Jan 15, 2026
Source: NVD
CVE-2026-22775 HIGH - 7.5

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse in...

Vendor: svelte
Product: devalue
Published: Jan 15, 2026
Source: NVD
CVE-2026-22774 HIGH - 7.5

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse in...

Vendor: svelte
Product: devalue
Published: Jan 15, 2026
Source: NVD
CVE-2026-0227 HIGH - 7.5

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Vendor: paloaltonetworks
Product: pan-os
Published: Jan 15, 2026
Source: NVD
CVE-2025-70307 HIGH - 7.5

A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Vendor: n/a
Product: n/a
Published: Jan 15, 2026
Source: NVD
CVE-2025-36911 HIGH - 7.1

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jan 15, 2026
Source: NVD
CVE-2026-22867 HIGH - 8.7

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker...

Vendor: suitenumerique
Product: docs
Published: Jan 15, 2026
Source: NVD
CVE-2026-22265 HIGH - 7.5

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py li...

Vendor: roxy-wi
Product: roxy-wi
Published: Jan 15, 2026
Source: NVD
CVE-2025-70656 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax1806_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2025-70308 HIGH - 7.5

An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70304 HIGH - 7.5

A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70298 HIGH - 8.2

GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-66292 HIGH - 8.1

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative ba...

Vendor: donknap
Product: dpanel
Published: Jan 15, 2026
Source: NVD
CVE-2025-67246 HIGH - 7.3

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. ...

Vendor: ludashi
Product: ludashi_driver
Published: Jan 15, 2026
Source: NVD