Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,871
Quick preset (or use dates below)
Clear Filters
Showing 13,621 - 13,640 of 14,756 CVEs
CVE-2026-21921 MEDIUM - 6.5

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors c...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21912 MEDIUM - 5.5

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line...

Vendor: Juniper Networks
Product: Junos OS
Published: Jan 15, 2026
Source: NVD
CVE-2026-21911 MEDIUM - 6.5

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while ge...

Vendor: juniper
Product: junos_os_evolved
Published: Jan 15, 2026
Source: NVD
CVE-2026-21910 MEDIUM - 6.5

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifi...

Vendor: Juniper Networks
Product: Junos OS
Published: Jan 15, 2026
Source: NVD
CVE-2026-21909 MEDIUM - 6.5

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt a...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21907 MEDIUM - 5.9

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support ...

Vendor: juniper
Product: junos_space
Published: Jan 15, 2026
Source: NVD
CVE-2026-21903 MEDIUM - 6.5

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resul...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-0203 MEDIUM - 6.5

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an IC...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-70891 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attack...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-70890 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affec...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-67025 MEDIUM - 6.1

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section

Vendor: n/a
Product: n/a
Published: Jan 15, 2026
Source: NVD
CVE-2025-65368 MEDIUM - 6.1

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.

Vendor: codewithcj
Product: sparkyfitness
Published: Jan 15, 2026
Source: NVD
CVE-2025-60011 MEDIUM - 5.8

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a s...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-60007 MEDIUM - 5.5

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted option...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-59961 MEDIUM - 5.5

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resou...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-59959 MEDIUM - 5.5

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertisin...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-52987 MEDIUM - 6.1

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting...

Vendor: Juniper Networks
Product: Paragon Automation (Pathfinder, Planner, Insights)
Published: Jan 15, 2026
Source: NVD
CVE-2026-23766 MEDIUM - 4.1

Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already exclude sidecar injection entir...

Vendor: Istio
Product: Istio
Published: Jan 15, 2026
Source: NVD
CVE-2026-23511 MEDIUM - 5.3

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames ...

Vendor: zitadel
Product: zitadel
Published: Jan 15, 2026
Source: NVD
CVE-2025-65349 MEDIUM - 5.4

A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at /in...

Vendor: eachitaly
Product: wireless_mini_router_wireless-n_300m_firmware
Published: Jan 15, 2026
Source: NVD