Total CVEs

142,888

Critical Severity

4,037

High Severity

14,476

Last 7 Days

1,302
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 13,921 - 13,940 of 14,508 CVEs
CVE-2026-21308 MEDIUM - 5.5

Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a ...

Vendor: adobe
Product: substance_3d_designer
Published: Jan 13, 2026
Source: NVD
CVE-2025-68925 MEDIUM - 5.3

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2.

Vendor: samrocketman
Product: jervis
Published: Jan 13, 2026
Source: NVD
CVE-2025-37179 MEDIUM - 5.3

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2025-37177 MEDIUM - 6.5

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the a...

Vendor: arubanetworks
Product: arubaos
Published: Jan 13, 2026
Source: NVD
CVE-2026-22791 MEDIUM - 6.6

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public ke...

Published: Jan 13, 2026
Source: NVD
CVE-2026-21288 MEDIUM - 5.5

Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user int...

Vendor: adobe
Product: illustrator
Published: Jan 13, 2026
Source: NVD
CVE-2026-21278 MEDIUM - 5.5

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vi...

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2025-68949 MEDIUM - 5.3

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured wh...

Vendor: n8n
Product: n8n
Published: Jan 13, 2026
Source: NVD
CVE-2026-21265 MEDIUM - 6.4

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes relat...

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20962 MEDIUM - 4.4

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1809
Published: Jan 13, 2026
Source: NVD
CVE-2026-20959 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20958 MEDIUM - 5.4

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20939 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20937 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20936 MEDIUM - 4.3

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20935 MEDIUM - 6.2

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-20932 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20927 MEDIUM - 5.3

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20925 MEDIUM - 6.5

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Jan 13, 2026
Source: NVD
CVE-2026-20876 MEDIUM - 6.7

Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_23h2
Published: Jan 13, 2026
Source: NVD