Total CVEs

142,666

Critical Severity

4,018

High Severity

14,386

Last 7 Days

1,420
Quick preset (or use dates below)
Clear Filters
Showing 14,121 - 14,140 of 14,805 CVEs
CVE-2026-21502 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21499 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21498 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21497 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21496 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21495 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-0668 MEDIUM - 5.3

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.

Published: Jan 07, 2026
Source: NVD
CVE-2025-66560 MEDIUM - 5.9

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writte...

Published: Jan 07, 2026
Source: NVD
CVE-2025-61782 MEDIUM - 6.1

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker ...

Vendor: citeum
Product: opencti
Published: Jan 07, 2026
Source: NVD
CVE-2025-4677 MEDIUM - 6.5

Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

Published: Jan 07, 2026
Source: NVD
CVE-2026-20029 MEDIUM - 4.9

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.  This vulnerability is due t...

Published: Jan 07, 2026
Source: NVD
CVE-2026-20027 MEDIUM - 5.3

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

Published: Jan 07, 2026
Source: NVD
CVE-2026-20026 MEDIUM - 5.8

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vu...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0618 MEDIUM - 6.1

Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.

Published: Jan 07, 2026
Source: NVD
CVE-2025-66837 MEDIUM - 6.8

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware

Vendor: softwareag
Product: aris
Published: Jan 07, 2026
Source: NVD
CVE-2025-66686 MEDIUM - 6.1

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the β€œHelp button url” setting within the admin panel. The injected payload is stored and executed when any authenticat...

Vendor: grabaperch
Product: perch
Published: Jan 07, 2026
Source: NVD
CVE-2025-61489 MEDIUM - 6.5

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

Published: Jan 07, 2026
Source: NVD
CVE-2025-4675 MEDIUM - 6.5

Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

Published: Jan 07, 2026
Source: NVD
CVE-2025-66838 MEDIUM - 6.5

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion s...

Vendor: softwareag
Product: aris
Published: Jan 07, 2026
Source: NVD
CVE-2025-62327 MEDIUM - 4.9

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

Published: Jan 07, 2026
Source: NVD