Total
327968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20953 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-01-14 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-12687 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-01-14 | N/A | 6.5 MEDIUM |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination. | |||||
| CVE-2026-20952 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-01-14 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20950 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-01-14 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20955 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-01-14 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20956 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-01-14 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20957 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-01-14 | N/A | 7.8 HIGH |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2019-25254 | 1 Kyocera | 1 Net Admin | 2026-01-14 | N/A | 5.3 MEDIUM |
| KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page. | |||||
| CVE-2019-25253 | 1 Kyocera | 1 Net Admin | 2026-01-14 | N/A | 7.5 HIGH |
| KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack. | |||||
| CVE-2023-41173 | 1 Adguard | 1 Adguard Dns | 2026-01-14 | N/A | 7.5 HIGH |
| AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | |||||
| CVE-2026-22198 | 1 Gestsup | 1 Gestsup | 2026-01-14 | N/A | 6.1 MEDIUM |
| GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause attacker-controlled HTML/JavaScript to be written to log entries. When an administrator later views the affected logs in the web interface, the injected content is rendered without proper output encoding, resulting in arbitrary script execution in the administrator’s browser session. | |||||
| CVE-2025-66866 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 7.5 HIGH |
| An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||||
| CVE-2026-22197 | 1 Gestsup | 1 Gestsup | 2026-01-14 | N/A | 8.1 HIGH |
| GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | |||||
| CVE-2025-66865 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 7.5 HIGH |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||||
| CVE-2025-66864 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 7.5 HIGH |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||||
| CVE-2025-66863 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 7.5 HIGH |
| An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||||
| CVE-2026-22196 | 1 Gestsup | 1 Gestsup | 2026-01-14 | N/A | 8.1 HIGH |
| GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | |||||
| CVE-2026-22195 | 1 Gestsup | 1 Gestsup | 2026-01-14 | N/A | 8.1 HIGH |
| GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | |||||
| CVE-2025-66862 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||||
| CVE-2025-66861 | 1 Gnu | 1 Binutils | 2026-01-14 | N/A | 2.5 LOW |
| An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | |||||