Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,844
Quick preset (or use dates below)
Clear Filters
Showing 13,641 - 13,660 of 14,355 CVEs
CVE-2026-20808 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20804 HIGH - 7.7

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20803 HIGH - 7.2

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: sql_server_2022
Published: Jan 13, 2026
Source: NVD
CVE-2026-0386 HIGH - 7.5

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

Vendor: microsoft
Product: windows_server_2008
Published: Jan 13, 2026
Source: NVD
CVE-2025-37166 HIGH - 7.5

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct...

Published: Jan 13, 2026
Source: NVD
CVE-2025-37165 HIGH - 7.5

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.

Published: Jan 13, 2026
Source: NVD
CVE-2025-10865 HIGH - 7.8

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present.

Published: Jan 13, 2026
Source: NVD
CVE-2025-68707 HIGH - 8.8

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of...

Published: Jan 13, 2026
Source: NVD
CVE-2025-59922 HIGH - 7.2

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...

Vendor: fortinet
Product: forticlientems
Published: Jan 13, 2026
Source: NVD
CVE-2025-58411 HIGH - 8.8

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potential ...

Published: Jan 13, 2026
Source: NVD
CVE-2025-46685 HIGH - 7.5

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2025-25652 HIGH - 7.5

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.

Published: Jan 13, 2026
Source: NVD
CVE-2025-71027 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71026 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71025 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71024 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-71023 HIGH - 7.5

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax3_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-70753 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: tenda
Product: ax1806_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2025-66698 HIGH - 8.6

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.

Published: Jan 13, 2026
Source: NVD
CVE-2025-36640 HIGH - 8.8

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.

Published: Jan 13, 2026
Source: NVD