Total CVEs

142,588

Critical Severity

4,002

High Severity

14,356

Last 7 Days

1,814
Quick preset (or use dates below)
Clear Filters
Showing 13,661 - 13,680 of 14,356 CVEs
CVE-2025-13447 HIGH - 8.4

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Published: Jan 13, 2026
Source: NVD
CVE-2025-13444 HIGH - 8.4

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Published: Jan 13, 2026
Source: NVD
CVE-2026-0891 HIGH - 8.1

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &l...

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0889 HIGH - 7.5

Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0882 HIGH - 8.8

Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0880 HIGH - 8.8

Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0878 HIGH - 8.0

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0877 HIGH - 8.1

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2025-11669 HIGH - 8.1

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

Published: Jan 13, 2026
Source: NVD
CVE-2025-13774 HIGH - 8.8

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

Published: Jan 13, 2026
Source: NVD
CVE-2026-0859 HIGH - 7.8

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...

Vendor: typo3
Product: typo3
Published: Jan 13, 2026
Source: NVD
CVE-2025-59022 HIGH - 8.1

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailab...

Vendor: typo3
Product: typo3
Published: Jan 13, 2026
Source: NVD
CVE-2025-40944 HIGH - 7.5

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLU...

Published: Jan 13, 2026
Source: NVD
CVE-2025-40942 HIGH - 7.8

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

Vendor: siemens
Product: telecontrol_server_basic
Published: Jan 13, 2026
Source: NVD
CVE-2025-41717 HIGH - 8.8

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code...

Published: Jan 13, 2026
Source: NVD
CVE-2025-66177 HIGH - 8.8

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Published: Jan 13, 2026
Source: NVD
CVE-2025-66176 HIGH - 8.8

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Vendor: hikvision
Product: ds-k1t331_firmware
Published: Jan 13, 2026
Source: NVD
CVE-2026-0511 HIGH - 8.1

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted.

Published: Jan 13, 2026
Source: NVD
CVE-2026-0507 HIGH - 8.4

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execu...

Published: Jan 13, 2026
Source: NVD
CVE-2026-0506 HIGH - 8.1

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs a...

Vendor: sap
Product: netweaver_application_server_abap
Published: Jan 13, 2026
Source: NVD