Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,829
Quick preset (or use dates below)
Clear Filters
Showing 13,501 - 13,520 of 14,327 CVEs
CVE-2026-22861 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerabi...

Vendor: color
Product: iccdev
Published: Jan 13, 2026
Source: NVD
CVE-2026-21299 HIGH - 7.8

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21298 HIGH - 7.8

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-0528 HIGH - 7.5

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD
CVE-2025-37186 HIGH - 7.8

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2026-21307 HIGH - 7.8

Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_designer
Published: Jan 13, 2026
Source: NVD
CVE-2026-21306 HIGH - 7.8

Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_sampler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21305 HIGH - 7.8

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_painter
Published: Jan 13, 2026
Source: NVD
CVE-2026-21287 HIGH - 7.8

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_stager
Published: Jan 13, 2026
Source: NVD
CVE-2025-68931 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68704 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68703 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68702 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68701 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68698 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-37178 HIGH - 7.5

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37176 HIGH - 7.2

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges o...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37175 HIGH - 7.2

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands ...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37174 HIGH - 7.2

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary comman...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37173 HIGH - 7.2

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected sy...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD