Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
Showing 13,521 - 13,540 of 14,355 CVEs
CVE-2022-50895 HIGH - 8.2

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50890 HIGH - 7.5

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the devi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50808 HIGH - 8.4

CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50806 HIGH - 8.8

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50805 HIGH - 8.2

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50693 HIGH - 8.4

Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malici...

Published: Jan 13, 2026
Source: NVD
CVE-2021-47751 HIGH - 7.5

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using di...

Published: Jan 13, 2026
Source: NVD
CVE-2026-22870 HIGH - 7.5

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume ...

Vendor: datadoghq
Product: guarddog
Published: Jan 13, 2026
Source: NVD
CVE-2026-22861 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerabi...

Vendor: color
Product: iccdev
Published: Jan 13, 2026
Source: NVD
CVE-2026-21299 HIGH - 7.8

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21298 HIGH - 7.8

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-0528 HIGH - 7.5

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD
CVE-2025-37186 HIGH - 7.8

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2026-21307 HIGH - 7.8

Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_designer
Published: Jan 13, 2026
Source: NVD
CVE-2026-21306 HIGH - 7.8

Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_sampler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21305 HIGH - 7.8

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_painter
Published: Jan 13, 2026
Source: NVD
CVE-2026-21287 HIGH - 7.8

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_stager
Published: Jan 13, 2026
Source: NVD
CVE-2025-68931 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68704 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68703 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD