Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
Showing 13,541 - 13,560 of 14,355 CVEs
CVE-2025-68702 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68701 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-68698 HIGH - 7.5

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-37178 HIGH - 7.5

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37176 HIGH - 7.2

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges o...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37175 HIGH - 7.2

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands ...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37174 HIGH - 7.2

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary comman...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37173 HIGH - 7.2

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected sy...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37172 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37171 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37170 HIGH - 7.2

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syste...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37169 HIGH - 7.2

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2026-21304 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21283 HIGH - 7.8

Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: bridge
Published: Jan 13, 2026
Source: NVD
CVE-2026-21281 HIGH - 7.8

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: incopy
Published: Jan 13, 2026
Source: NVD
CVE-2026-21280 HIGH - 8.6

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that se...

Vendor: adobe
Product: illustrator
Published: Jan 13, 2026
Source: NVD
CVE-2026-21277 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21276 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21275 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21274 HIGH - 7.8

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitati...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD