Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
10,065 matching · page 151/202Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-20839(opens NVD record) | Medium | 5.5 | Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20838(opens NVD record) | Medium | 5.5 | Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20837(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | Jan 13, 2026 |
| CVE-2026-20836(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20835(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20834(opens NVD record) | Medium | 4.6 | Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | Jan 13, 2026 |
| CVE-2026-20833(opens NVD record) | Medium | 5.5 | Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20832(opens NVD record) | High | 7.8 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | Jan 13, 2026 |
| CVE-2026-20831(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20830(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20829(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20828(opens NVD record) | Medium | 4.6 | Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. | Jan 13, 2026 |
| CVE-2026-20827(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20826(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20825(opens NVD record) | Medium | 4.4 | Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20824(opens NVD record) | Medium | 5.5 | Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally. | Jan 13, 2026 |
| CVE-2026-20823(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20822(opens NVD record) | High | 7.8 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20821(opens NVD record) | Medium | 6.2 | Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20820(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20819(opens NVD record) | Medium | 5.5 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20818(opens NVD record) | Medium | 6.2 | Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20817(opens NVD record) | High | 7.8 | Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20816(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20815(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20814(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20812(opens NVD record) | Medium | 6.5 | Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network. | Jan 13, 2026 |
| CVE-2026-20811(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20810(opens NVD record) | High | 7.8 | Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20809(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20808(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. | Jan 13, 2026 |
| CVE-2026-20805(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. | Jan 13, 2026 |
| CVE-2026-20804(opens NVD record) | High | 7.7 | Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | Jan 13, 2026 |
| CVE-2026-20803(opens NVD record) | High | 7.2 | Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. | Jan 13, 2026 |
| CVE-2026-0386(opens NVD record) | High | 7.5 | Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | Jan 13, 2026 |
| CVE-2025-67685(opens NVD record) | Low | 3.8 | A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. | Jan 13, 2026 |
| CVE-2025-65784(opens NVD record) | Medium | 6.5 | Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request. | Jan 13, 2026 |
| CVE-2025-64155(opens NVD record) | Critical | 9.8 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests. | Jan 13, 2026 |
| CVE-2025-59922(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | Jan 13, 2026 |
| CVE-2025-58693(opens NVD record) | Medium | 6.5 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. | Jan 13, 2026 |
| CVE-2025-46685(opens NVD record) | High | 7.5 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Jan 13, 2026 |
| CVE-2025-46684(opens NVD record) | Medium | 6.6 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | Jan 13, 2026 |
| CVE-2025-25249(opens NVD record) | High | 8.1 | A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets | Jan 13, 2026 |
| CVE-2025-66698(opens NVD record) | High | 8.6 | An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. | Jan 13, 2026 |
| CVE-2025-65783(opens NVD record) | Critical | 9.8 | An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. | Jan 13, 2026 |
| CVE-2024-54855(opens NVD record) | Medium | 6.4 | fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. | Jan 13, 2026 |
| CVE-2025-55462(opens NVD record) | Medium | 6.5 | A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticated cross-origin requests against the Eramba API, including endpoints like /system-api/login and /system-api/user/me. The response includes sensitive user session data (ID, name, email, access groups), which is accessible to the attacker's JavaScript. This flaw enables full session hijack and data exfiltration without user interaction. Eramba versions 3.23.3 and earlier were tested and appear unaffected. The vulnerability is present in default installations, requiring no custom configuration. | Jan 13, 2026 |
| CVE-2025-13447(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | Jan 13, 2026 |
| CVE-2025-13444(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | Jan 13, 2026 |
| CVE-2025-9435(opens NVD record) | Medium | 5.5 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | Jan 13, 2026 |