Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Jan 30, 2026 05:43:19 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2025-12899

Jan 30, 2026 05:34:19 UTC

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networ...

CVE-2026-1340

Jan 30, 2026 04:55:44 UTC

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

CVE-2026-1281

Jan 30, 2026 04:55:43 UTC

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

CVE-2026-1457

Jan 30, 2026 04:55:42 UTC

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbi...

CVE-2025-13399

Jan 30, 2026 04:55:41 UTC

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authenticat...

CVE-2025-15545

Jan 30, 2026 04:55:41 UTC

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with r...

CVE-2026-24747

Jan 30, 2026 04:55:40 UTC

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load...

CVE-2023-4822

Jan 30, 2026 04:55:38 UTC

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions...

CVE-2026-24714

Jan 30, 2026 03:53:30 UTC

Some end-of-service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate the telnet service on the box.

CVE-2026-24729

Jan 30, 2026 03:50:31 UTC

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.

CVE-2026-24728

Jan 30, 2026 03:48:28 UTC

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authenti...

CVE-2026-20960

Jan 30, 2026 03:40:08 UTC

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

CVE-2026-20831

Jan 30, 2026 03:40:08 UTC

Time-of-check time-of-use (TOCTOU) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21509

Jan 30, 2026 03:40:07 UTC

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.