Total
328074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59469 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup or Tape Operator to write files as root. | |||||
| CVE-2025-59468 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | |||||
| CVE-2026-21267 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | N/A | 8.6 HIGH |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | |||||
| CVE-2026-21268 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | N/A | 8.6 HIGH |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | |||||
| CVE-2026-21271 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | N/A | 8.6 HIGH |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | |||||
| CVE-2026-21272 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | N/A | 8.6 HIGH |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | |||||
| CVE-2026-21274 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | N/A | 7.8 HIGH |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-14687 | 1 Ibm | 1 Db2 Intelligence Center | 2026-01-14 | N/A | 4.3 MEDIUM |
| IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms. | |||||
| CVE-2025-15391 | 1 Dlink | 2 Dir-806a, Dir-806a Firmware | 2026-01-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-20822 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-14 | N/A | 7.8 HIGH |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-45819 | 1 Xen | 1 Xen | 2026-01-14 | N/A | 5.5 MEDIUM |
| PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | |||||
| CVE-2025-36437 | 1 Ibm | 1 Planning Analytics Local | 2026-01-14 | N/A | 4.3 MEDIUM |
| IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | |||||
| CVE-2025-2529 | 1 Ibm | 1 Terracotta | 2026-01-14 | N/A | 2.9 LOW |
| Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way. | |||||
| CVE-2026-21224 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-01-14 | N/A | 7.8 HIGH |
| Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-15398 | 1 Uatech | 1 Badaso | 2026-01-14 | 2.6 LOW | 3.7 LOW |
| A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-20821 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 6.2 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-20820 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-14 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-64699 | 1 Sevencs | 2 Ec2007 Kernel, Orca G2 | 2026-01-14 | N/A | 7.8 HIGH |
| An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation. | |||||
| CVE-2026-20819 | 1 Microsoft | 3 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 | 2026-01-14 | N/A | 5.5 MEDIUM |
| Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-20818 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-01-14 | N/A | 6.2 MEDIUM |
| Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | |||||