Total CVEs

142,588

Critical Severity

4,002

High Severity

14,356

Last 7 Days

1,797
Quick preset (or use dates below)
Clear Filters
Showing 13,701 - 13,720 of 14,356 CVEs
CVE-2025-46067 HIGH - 8.2

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file

Vendor: automai
Product: director
Published: Jan 12, 2026
Source: NVD
CVE-2025-71063 HIGH - 8.2

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

Published: Jan 12, 2026
Source: NVD
CVE-2025-14279 HIGH - 8.1

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attac...

Published: Jan 12, 2026
Source: NVD
CVE-2026-0855 HIGH - 8.8

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Published: Jan 12, 2026
Source: NVD
CVE-2026-0854 HIGH - 8.8

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Published: Jan 12, 2026
Source: NVD
CVE-2025-69276 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69274 HIGH - 8.8

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69273 HIGH - 7.5

Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69272 HIGH - 7.5

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2025-69271 HIGH - 7.5

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.

Vendor: broadcom
Product: dx_netops_spectrum
Published: Jan 12, 2026
Source: NVD
CVE-2026-0850 HIGH - 7.2

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The attack may be launched remotely. The exploit has been p...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 11, 2026
Source: NVD
CVE-2025-68493 HIGH - 8.1

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Vendor: apache
Product: struts
Published: Jan 11, 2026
Source: NVD
CVE-2026-0841 HIGH - 8.8

A vulnerability was detected in UTT ่ฟ›ๅ– 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0840 HIGH - 8.8

A security vulnerability has been detected in UTT ่ฟ›ๅ– 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit h...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0839 HIGH - 8.8

A weakness has been identified in UTT ่ฟ›ๅ– 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and cou...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0838 HIGH - 8.8

A security flaw has been discovered in UTT ่ฟ›ๅ– 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0837 HIGH - 8.8

A vulnerability was identified in UTT ่ฟ›ๅ– 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor wa...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0836 HIGH - 8.8

A vulnerability was determined in UTT ่ฟ›ๅ– 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed ...

Vendor: utt
Product: 520w_firmware
Published: Jan 11, 2026
Source: NVD
CVE-2026-0822 HIGH - 8.8

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The ...

Vendor: quickjs-ng
Product: quickjs
Published: Jan 10, 2026
Source: NVD
CVE-2025-62235 HIGH - 8.1

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bondย and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue...

Vendor: apache
Product: nimble
Published: Jan 10, 2026
Source: NVD