Total
326097 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59508 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2026-01-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59507 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2026-01-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59506 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1607 and 21 more | 2026-01-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59505 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1607 and 21 more | 2026-01-02 | 7.8 High |
| Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59504 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-01-02 | 7.3 High |
| Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-64656 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-01-02 | 9.4 Critical |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-66953 | 1 Nardamiteq | 2 Upc2, Upc2 Firmware | 2026-01-02 | 8.8 High |
| CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints | ||||
| CVE-2022-50799 | 2026-01-02 | 7.5 High | ||
| Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application. | ||||
| CVE-2025-67073 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more | 2026-01-02 | 9.8 Critical |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-67074 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more | 2026-01-02 | 6.5 Medium |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-68916 | 1 Riello-ups | 1 Netman 208 | 2026-01-02 | 9.1 Critical |
| Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution. | ||||
| CVE-2025-15394 | 2026-01-02 | 4.7 Medium | ||
| A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-66148 | 2026-01-02 | 5.4 Medium | ||
| Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7. | ||||
| CVE-2025-66146 | 2026-01-02 | 5.4 Medium | ||
| Missing Authorization vulnerability in merkulove Logger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-68935 | 1 Onlyoffice | 1 Document Server | 2026-01-02 | 6.4 Medium |
| ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. | ||||
| CVE-2025-68936 | 1 Onlyoffice | 1 Document Server | 2026-01-02 | 6.4 Medium |
| ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. | ||||
| CVE-2025-68938 | 1 Gitea | 1 Gitea | 2026-01-02 | 4.3 Medium |
| Gitea before 1.25.2 mishandles authorization for deletion of releases. | ||||
| CVE-2025-66145 | 2026-01-02 | 5.4 Medium | ||
| Missing Authorization vulnerability in merkulove Worker for WPBakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through 1.1.1. | ||||
| CVE-2025-68939 | 1 Gitea | 1 Gitea | 2026-01-02 | 8.2 High |
| Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API. | ||||
| CVE-2025-23705 | 2026-01-02 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through 2.5.0. | ||||