Total
13017 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5499 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 7.3 High |
| A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-5498 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 5.5 Medium |
| A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-49968 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-01-19 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. | ||||
| CVE-2025-12945 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-01-16 | 7.2 High |
| A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. | ||||
| CVE-2026-21858 | 1 N8n | 1 N8n | 2026-01-16 | 10 Critical |
| n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0. | ||||
| CVE-2026-0976 | 1 Redhat | 3 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp | 2026-01-16 | 3.7 Low |
| A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable. | ||||
| CVE-2025-63213 | 1 Qvidium | 2 Opera11, Opera11 Firmware | 2026-01-15 | 9.8 Critical |
| The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software. | ||||
| CVE-2025-68964 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 6.2 Medium |
| Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68970 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.1 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-64990 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-14 | 6.8 Medium |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | ||||
| CVE-2025-64989 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-14 | 7.2 High |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | ||||
| CVE-2025-64988 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-14 | 7.2 High |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | ||||
| CVE-2025-64986 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-14 | 7.2 High |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | ||||
| CVE-2025-64987 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-14 | 7.2 High |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | ||||
| CVE-2025-46266 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-01-14 | 4.3 Medium |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information. | ||||
| CVE-2025-44016 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-01-14 | 8.8 High |
| A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context. | ||||
| CVE-2025-12687 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-01-14 | 6.5 Medium |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination. | ||||
| CVE-2025-66866 | 1 Gnu | 1 Binutils | 2026-01-14 | 5.5 Medium |
| An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66864 | 1 Gnu | 1 Binutils | 2026-01-14 | 5.5 Medium |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2018-0296 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2026-01-14 | 7.5 High |
| A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. | ||||