Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Jan 27, 2026 05:39:47 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2026-21408

Jan 27, 2026 05:08:20 UTC

beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.

CVE-2025-14756

Jan 27, 2026 04:55:38 UTC

A command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser dev...

CVE-2026-21509

Jan 27, 2026 04:55:37 UTC

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVE-2018-14634

Jan 27, 2026 04:55:36 UTC

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel ve...

CVE-2026-22586

Jan 27, 2026 04:55:35 UTC

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. Thi...

CVE-2026-22585

Jan 27, 2026 04:55:33 UTC

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protoc...

CVE-2026-22583

Jan 27, 2026 04:55:32 UTC

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud E...

CVE-2026-22582

Jan 27, 2026 04:55:31 UTC

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud En...

CVE-2026-23760

Jan 27, 2026 04:55:30 UTC

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a rese...

CVE-2026-24061

Jan 27, 2026 04:55:29 UTC

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

CVE-2025-52691

Jan 27, 2026 04:55:28 UTC

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

CVE-2026-1361

Jan 27, 2026 03:11:57 UTC

ASDA-Soft Stack-based Buffer Overflow Vulnerability

CVE-2025-23367

Jan 27, 2026 02:58:08 UTC

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspen...

CVE-2024-12369

Jan 27, 2026 02:57:56 UTC

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen ...