Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52951 | 2 Juniper, Juniper Networks | 2 Junos, Junos Os | 2026-01-23 | 5.8 Medium |
| A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as an 'accept' for all traffic on the interface destined for the control plane, even when used in combination with other match criteria. This issue only affects firewall filters protecting the device's control plane. Transit firewall filtering is unaffected by this vulnerability. This issue affects Junos OS: * all versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S2, 24.4R2. This is a more complete fix for previously published CVE-2024-21607 (JSA75748). | ||||
| CVE-2026-0881 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 10 Critical |
| Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2023-32409 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-01-13 | 8.6 High |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2022-48219 | 1 Hp | 76 Elite Mini 600 G9, Elite Mini 600 G9 Desktop Pc, Elite Mini 600 G9 Firmware and 73 more | 2026-01-09 | 6.4 Medium |
| Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | ||||
| CVE-2025-59849 | 2 Hcltech, Hcltechsw | 3 Bigfix Remote Control, Hcl Devops Deploy, Hcl Launch | 2026-01-06 | 4.7 Medium |
| Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | ||||
| CVE-2024-31142 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2026-01-05 | 7.5 High |
| Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html | ||||
| CVE-2025-68668 | 1 N8n | 1 N8n | 2026-01-05 | 9.9 Critical |
| n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. | ||||
| CVE-2025-65318 | 2 Canarymail, Microsoft | 2 Canary Mail, Windows | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-65319 | 1 Blixhq | 1 Bluemail | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-46291 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-46281 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 8.4 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-13326 | 1 Mattermost | 2 Mattermost, Mattermost Desktop | 2025-12-18 | 3.9 Low |
| Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder. | ||||
| CVE-2025-14303 | 1 Msi | 2 Intel 600, Intel 700 | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-14302 | 1 Gigabyte | 6 Amd 600, Amd 800, Amd Trx50 and 3 more | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-14304 | 1 Asrock | 4 Intel 500, Intel 600, Intel 700 and 1 more | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-14095 | 2 Microsoft, Radiometer | 7 Windows, Abl800 Basic Analyzer, Abl800 Flex Analyzer and 4 more | 2025-12-18 | 5.7 Medium |
| A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software. Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems. | ||||
| CVE-2024-30052 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-12-17 | 4.7 Medium |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-43413 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2025-12-17 | 7.5 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. A sandboxed app may be able to observe system-wide network connections. | ||||
| CVE-2023-34984 | 1 Fortinet | 1 Fortiweb | 2025-12-16 | 7.1 High |
| A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||