Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,856
Quick preset (or use dates below)
Clear Filters
Showing 13,841 - 13,860 of 14,782 CVEs
CVE-2026-20829 MEDIUM - 5.5

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20828 MEDIUM - 4.6

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20827 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20825 MEDIUM - 4.4

Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20824 MEDIUM - 5.5

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20823 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20821 MEDIUM - 6.2

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20819 MEDIUM - 5.5

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20818 MEDIUM - 6.2

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_server_2016
Published: Jan 13, 2026
Source: NVD
CVE-2026-20812 MEDIUM - 6.5

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20805 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2025-8090 MEDIUM - 6.2

Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.

Published: Jan 13, 2026
Source: NVD
CVE-2025-65784 MEDIUM - 6.5

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.

Published: Jan 13, 2026
Source: NVD
CVE-2025-58693 MEDIUM - 6.5

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

Vendor: fortinet
Product: fortivoice
Published: Jan 13, 2026
Source: NVD
CVE-2025-46684 MEDIUM - 6.6

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.

Published: Jan 13, 2026
Source: NVD
CVE-2024-54855 MEDIUM - 6.4

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.

Published: Jan 13, 2026
Source: NVD
CVE-2025-55462 MEDIUM - 6.5

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticated ...

Published: Jan 13, 2026
Source: NVD
CVE-2026-0890 MEDIUM - 5.4

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0888 MEDIUM - 5.3

Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD
CVE-2026-0887 MEDIUM - 4.3

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

Vendor: mozilla
Product: firefox
Published: Jan 13, 2026
Source: NVD