Export limit exceeded: 17240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 17240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21130 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2021-3926 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8460 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8459 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8458 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8457 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8456 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8455 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8454 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8453 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8452 | 2026-01-22 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | ||||
| CVE-2020-8451 | 2026-01-22 | N/A | ||
| The reserved CVE was never used. | ||||
| CVE-2026-21427 | 1 Pioneer | 10 Stellanova Lite Aps-s201jgl, Stellanova Lite Aps-s201jgr, Stellanova Lite Aps-s201jr and 7 more | 2026-01-22 | N/A |
| The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer. | ||||
| CVE-2025-7425 | 1 Redhat | 16 Cert Manager, Discovery, Enterprise Linux and 13 more | 2026-01-22 | 7.8 High |
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. | ||||
| CVE-2024-23807 | 1 Apache | 2 Xerces-c, Xerces-c\+\+ | 2026-01-22 | 8.1 High |
| The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4. | ||||
| CVE-2023-1393 | 3 Fedoraproject, Redhat, X.org | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2026-01-22 | 7.8 High |
| A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | ||||
| CVE-2025-13439 | 2 Radykal, Wordpress | 2 Fancy Product Designer, Wordpress | 2026-01-22 | 5.9 Medium |
| The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpd_custom_uplod_file' AJAX action, which flows directly into the 'getimagesize' function without sanitization. This makes it possible for unauthenticated attackers to read arbitrary sensitive files from the server, including wp-config.php. | ||||
| CVE-2025-32990 | 2 Gnu, Redhat | 9 Gnutls, Ceph Storage, Discovery and 6 more | 2026-01-22 | 6.5 Medium |
| A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | ||||
| CVE-2025-32988 | 2 Gnu, Redhat | 9 Gnutls, Ceph Storage, Discovery and 6 more | 2026-01-22 | 6.5 Medium |
| A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior. | ||||
| CVE-2025-8114 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-01-22 | 4.7 Medium |
| A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | ||||