Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
Showing 13,801 - 13,820 of 14,782 CVEs
CVE-2025-68658 MEDIUM - 4.8

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An authenticated user with the permission “Configuratio...

Vendor: opensourcepos
Product: open_source_point_of_sale
Published: Jan 13, 2026
Source: NVD
CVE-2026-21303 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a v...

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21302 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a v...

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21301 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21300 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-0543 MEDIUM - 6.5

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connecto...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD
CVE-2026-0531 MEDIUM - 6.5

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD
CVE-2026-0530 MEDIUM - 6.5

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or ...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD
CVE-2026-22818 MEDIUM - 6.5

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define ...

Vendor: hono
Product: hono
Published: Jan 13, 2026
Source: NVD
CVE-2026-22817 MEDIUM - 6.5

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. ...

Vendor: hono
Product: hono
Published: Jan 13, 2026
Source: NVD
CVE-2026-22809 MEDIUM - 4.4

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter. This vulnerability is fixed in 1.29.0.

Vendor: amauri
Product: tarteaucitronjs
Published: Jan 13, 2026
Source: NVD
CVE-2026-21308 MEDIUM - 5.5

Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a ...

Vendor: adobe
Product: substance_3d_designer
Published: Jan 13, 2026
Source: NVD
CVE-2025-68925 MEDIUM - 5.3

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-37179 MEDIUM - 5.3

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37177 MEDIUM - 6.5

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the a...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2026-22791 MEDIUM - 6.6

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public ke...

Published: Jan 13, 2026
Source: NVD
CVE-2026-21288 MEDIUM - 5.5

Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user int...

Vendor: adobe
Product: illustrator
Published: Jan 13, 2026
Source: NVD
CVE-2026-21278 MEDIUM - 5.5

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vi...

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2025-68949 MEDIUM - 5.3

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured wh...

Vendor: n8n
Product: n8n
Published: Jan 13, 2026
Source: NVD
CVE-2026-21265 MEDIUM - 6.4

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes relat...

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD