Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14327 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-15 | 7.5 High |
| Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. | ||||
| CVE-2025-66177 | 1 Hikvision | 99 Ds-2cd1xx1, Ds-2cd1xxxg0(t), Ds-2cd1xxxg2 and 96 more | 2026-01-15 | 8.8 High |
| There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. | ||||
| CVE-2026-0532 | 1 Elastic | 1 Kibana | 2026-01-15 | 8.6 High |
| External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads. | ||||
| CVE-2025-9142 | 1 Checkpoint | 1 Harmony Sase | 2026-01-15 | 7.5 High |
| A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory. | ||||
| CVE-2025-48371 | 1 Openfga | 2 Helm Charts, Openfga | 2026-01-15 | 8.8 High |
| OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected under four specific conditions: First, calling Check API or ListObjects with an authorization model that has a relationship directly assignable by both type bound public access and userset; second, there are check or list object queries with contextual tuples for the relationship that can be directly assignable by both type bound public access and userset; third, those contextual tuples’s user field is an userset; and finally, type bound public access tuples are not assigned to the relationship. Users should upgrade to version 1.8.13 to receive a patch. The upgrade is backwards compatible. | ||||
| CVE-2025-66877 | 1 Libming | 1 Libming | 2026-01-15 | 7.5 High |
| Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. | ||||
| CVE-2025-66869 | 1 Libming | 1 Libming | 2026-01-15 | 7.5 High |
| Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. | ||||
| CVE-2025-67255 | 1 Nagios | 2 Nagios Xi, Xi | 2026-01-15 | 8.8 High |
| In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability. | ||||
| CVE-2025-67254 | 1 Nagios | 2 Nagios Xi, Xi | 2026-01-15 | 7.5 High |
| NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. | ||||
| CVE-2025-11192 | 2 Extreme Networks, Extremenetworks | 2 Fabric Engine, Fabric Engine \(voss\) | 2026-01-15 | 8.6 High |
| A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data. | ||||
| CVE-2025-68617 | 1 Fluidsynth | 1 Fluidsynth | 2026-01-15 | 7 High |
| FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur, when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support. | ||||
| CVE-2025-12053 | 1 Insyde | 1 Insydeh2o | 2026-01-14 | 7.8 High |
| The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. | ||||
| CVE-2025-12052 | 1 Insyde | 1 Insydeh2o | 2026-01-14 | 7.8 High |
| The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. | ||||
| CVE-2025-12051 | 1 Insyde | 1 Insydeh2o | 2026-01-14 | 7.8 High |
| The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. | ||||
| CVE-2025-12050 | 1 Insyde | 1 Insydeh2o | 2026-01-14 | 7.8 High |
| The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. | ||||
| CVE-2026-22601 | 1 Openproject | 1 Openproject | 2026-01-14 | 7.2 High |
| OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2. | ||||
| CVE-2025-58149 | 1 Xen | 1 Xen | 2026-01-14 | 7.5 High |
| When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m. | ||||
| CVE-2025-58148 | 1 Xen | 1 Xen | 2026-01-14 | 7.5 High |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. | ||||
| CVE-2025-58147 | 1 Xen | 1 Xen | 2026-01-14 | 7.5 High |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. | ||||
| CVE-2025-64699 | 1 Sevencs | 2 Ec2007 Kernel, Orca G2 | 2026-01-14 | 7.8 High |
| An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation. | ||||