Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,856
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 13,661 - 13,680 of 14,399 CVEs
CVE-2025-59961 MEDIUM - 5.5

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resou...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-59959 MEDIUM - 5.5

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertisin...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-52987 MEDIUM - 6.1

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting...

Vendor: Juniper Networks
Product: Paragon Automation (Pathfinder, Planner, Insights)
Published: Jan 15, 2026
Source: NVD
CVE-2026-23766 MEDIUM - 4.1

Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already exclude sidecar injection entir...

Vendor: Istio
Product: Istio
Published: Jan 15, 2026
Source: NVD
CVE-2026-23511 MEDIUM - 5.3

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames ...

Vendor: zitadel
Product: zitadel
Published: Jan 15, 2026
Source: NVD
CVE-2025-65349 MEDIUM - 5.4

A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at /in...

Vendor: eachitaly
Product: wireless_mini_router_wireless-n_300m_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2025-15265 MEDIUM - 6.1

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users&#...

Vendor: svelte
Product: svelte
Published: Jan 15, 2026
Source: NVD
CVE-2025-70303 MEDIUM - 5.5

A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70302 MEDIUM - 5.5

A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70299 MEDIUM - 6.5

A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.

Vendor: n/a
Product: n/a
Published: Jan 15, 2026
Source: NVD
CVE-2026-23496 MEDIUM - 5.4

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that ...

Vendor: pimcore
Product: pimcore
Published: Jan 15, 2026
Source: NVD
CVE-2026-23495 MEDIUM - 4.3

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, ...

Vendor: pimcore
Product: pimcore
Published: Jan 15, 2026
Source: NVD
CVE-2026-23494 MEDIUM - 6.5

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined v...

Vendor: pimcore
Product: pimcore
Published: Jan 15, 2026
Source: NVD
CVE-2026-23493 MEDIUM - 4.9

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered thro...

Vendor: pimcore
Product: pimcore
Published: Jan 15, 2026
Source: NVD
CVE-2026-20076 MEDIUM - 4.8

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied ...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: Jan 15, 2026
Source: NVD
CVE-2026-20075 MEDIUM - 4.8

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This ...

Vendor: Cisco
Product: Cisco Evolved Programmable Network Manager (EPNM), Cisco Prime Infrastructure
Published: Jan 15, 2026
Source: NVD
CVE-2026-20047 MEDIUM - 4.8

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due t...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: Jan 15, 2026
Source: NVD
CVE-2025-70310 MEDIUM - 5.5

A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70309 MEDIUM - 5.5

A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD
CVE-2025-70305 MEDIUM - 5.5

A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.

Vendor: gpac
Product: gpac
Published: Jan 15, 2026
Source: NVD