Total
4304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63223 | 1 Axeltechnology | 2 Streamermax Mk Ii, Streamermax Mk Ii Firmware | 2026-01-15 | N/A | 9.8 CRITICAL |
| The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | |||||
| CVE-2026-20839 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 5.5 MEDIUM |
| Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-20843 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 7.8 HIGH |
| Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-20825 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-01-15 | N/A | 4.4 MEDIUM |
| Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-0547 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-22605 | 1 Openproject | 1 Openproject | 2026-01-14 | N/A | 4.3 MEDIUM |
| OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3. | |||||
| CVE-2026-0386 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-01-14 | N/A | 7.5 HIGH |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | |||||
| CVE-2023-28396 | 1 Intel | 2 Jhl8440, Jhl8440 Firmware | 2026-01-14 | N/A | 6.1 MEDIUM |
| Improper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. | |||||
| CVE-2023-35121 | 1 Intel | 16 Advisor, Cluster Checker, Distribution For Python and 13 more | 2026-01-14 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-46297 | 1 Apple | 1 Macos | 2026-01-14 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container. | |||||
| CVE-2025-46299 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-01-14 | N/A | 4.3 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app. | |||||
| CVE-2025-14338 | 2026-01-14 | N/A | N/A | ||
| Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005. | |||||
| CVE-2025-30100 | 1 Dell | 1 Alienware Command Center | 2026-01-14 | N/A | 6.7 MEDIUM |
| Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-27689 | 1 Dell | 1 Idrac Tools | 2026-01-13 | N/A | 7.8 HIGH |
| Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2023-33947 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-13 | N/A | 2.7 LOW |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | |||||
| CVE-2023-33946 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-13 | N/A | 2.7 LOW |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. | |||||
| CVE-2026-21694 | 1 Kromit | 1 Titra | 2026-01-12 | N/A | 6.8 MEDIUM |
| Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50. | |||||
| CVE-2025-15415 | 1 Wang.market | 1 Wangmarket | 2026-01-12 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-63221 | 1 Axeltechnology | 2 Puma, Puma Firmware | 2026-01-12 | N/A | 9.1 CRITICAL |
| The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | |||||
| CVE-2025-63219 | 1 Itel | 2 Iso-fm, Iso-fm Firmware | 2026-01-12 | N/A | 7.5 HIGH |
| The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and compromise system integrity. | |||||