Total: 329712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13925 | 1 Ibm | 1 Aspera Console | 2026-01-26 | 4.9 Medium |
| IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
| CVE-2025-1719 | 1 Ibm | 1 Concert | 2026-01-26 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | ||||
| CVE-2026-0907 | 1 Google | 1 Chrome | 2026-01-26 | 9.8 Critical |
| Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-9278 | 1 Rockwellautomation | 1 Armorstart Lt | 2026-01-26 | N/A |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible. | ||||
| CVE-2025-9281 | 1 Rockwellautomation | 1 Armorstart Lt | 2026-01-26 | N/A |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots | ||||
| CVE-2025-9283 | 1 Rockwellautomation | 1 Armorstart Lt | 2026-01-26 | N/A |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | ||||
| CVE-2025-11743 | 1 Rockwellautomation | 1 Compactlogix 5370 | 2026-01-26 | N/A |
| A denial-of-service security issue exists in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault; a restart is required to recover. | ||||
| CVE-2025-14369 | 1 Mackron | 1 Dr Flac | 2026-01-26 | 5.5 Medium |
| dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool. | ||||
| CVE-2025-14376 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-01-26 | N/A |
| A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024. | ||||
| CVE-2025-14533 | 2 Hwk-fr, Wordpress | 2 Advanced Custom Fields, Wordpress | 2026-01-26 | 9.8 Critical |
| The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field. | ||||
| CVE-2025-44000 | 1 Meddream | 1 Pacs Premium | 2026-01-26 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-53854 | 1 Meddream | 1 Pacs Premium | 2026-01-26 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-9280 | 1 Rockwellautomation | 1 Armorstart Lt | 2026-01-26 | N/A |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot. | ||||
| CVE-2026-21641 | 1 Revive | 1 Adserver | 2026-01-26 | N/A |
| HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts. | ||||
| CVE-2025-9465 | 1 Rockwellautomation | 1 Armorstart Lt | 2026-01-26 | N/A |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | ||||
| CVE-2025-59464 | 1 Nodejs | 1 Nodejs | 2026-01-26 | 6.5 Medium |
| A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service. | ||||
| CVE-2026-0905 | 1 Google | 1 Chrome | 2026-01-26 | 9.8 Critical |
| Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium) | ||||
| CVE-2026-0906 | 1 Google | 2 Android, Chrome | 2026-01-26 | 9.8 Critical |
| Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-22770 | 1 Imagemagick | 1 Imagemagick | 2026-01-26 | 6.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue. | ||||
| CVE-2026-21642 | 1 Revive | 1 Adserver | 2026-01-26 | N/A |
| HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed. | ||||