6.9

CVSS4.0

CVE-2026-22189 - Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow

egg-mkfont in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack bu…

📅 Published: Jan. 7, 2026, 8:25 p.m. 🔄 Last Modified: Jan. 12, 2026, 5:59 p.m.

9.3

CVSS4.0

CVE-2026-22184 - zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an arc…

📅 Published: Jan. 7, 2026, 8:25 p.m. 🔄 Last Modified: Jan. 12, 2026, 8:16 a.m.

8.6

CVSS4.0

CVE-2025-66620 - Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file …

📅 Published: Jan. 7, 2026, 8:08 p.m. 🔄 Last Modified: Jan. 8, 2026, 6:08 p.m.

7.1

CVSS4.0

CVE-2025-64305 - Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.

📅 Published: Jan. 7, 2026, 8:02 p.m. 🔄 Last Modified: Jan. 8, 2026, 6:08 p.m.

8.7

CVSS4.0

CVE-2025-61939 - Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endp…

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker contro…

📅 Published: Jan. 7, 2026, 7:56 p.m. 🔄 Last Modified: Jan. 8, 2026, 6:08 p.m.

6.1

CVSS3.1

CVE-2026-0670 - Stored XSS through a system message and a user-provided parameter in ProofreadPage

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.

📅 Published: Jan. 7, 2026, 6:55 p.m. 🔄 Last Modified: Jan. 8, 2026, 6:08 p.m.

7.6

CVSS3.1

CVE-2025-69262 - pnpm vulnerable to Command Injection via environment variable substitution

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code …

📅 Published: Jan. 7, 2026, 6:51 p.m. 🔄 Last Modified: Jan. 12, 2026, 9:50 p.m.

0.0

CVE-2026-22579 -

Not used

📅 Published: Jan. 7, 2026, 6:30 p.m. 🔄 Last Modified: Jan. 8, 2026, 3:55 a.m.

0.0

CVE-2026-22580 -

Not used

📅 Published: Jan. 7, 2026, 6:30 p.m. 🔄 Last Modified: Jan. 8, 2026, 3:55 a.m.

0.0

CVE-2026-22581 -

Not used

📅 Published: Jan. 7, 2026, 6:30 p.m. 🔄 Last Modified: Jan. 8, 2026, 3:55 a.m.