Export limit exceeded: 345813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43140 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61987 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed. | ||||
| CVE-2025-20756 | 1 Mediatek | 38 Mt2735, Mt6833, Mt6833p and 35 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643. | ||||
| CVE-2025-20703 | 1 Mediatek | 63 Modem, Mt2735, Mt2737 and 60 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708. | ||||
| CVE-2025-20659 | 1 Mediatek | 170 Mt2735, Mt2735 Firmware, Mt2737 and 167 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768. | ||||
| CVE-2025-20644 | 1 Mediatek | 41 Mt2735, Mt2737, Mt6833 and 38 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747. | ||||
| CVE-2024-20154 | 1 Mediatek | 56 Lr12a, Lr13, Mt2735 and 53 more | 2026-02-17 | 8.8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392. | ||||
| CVE-2025-64781 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL. | ||||
| CVE-2025-70083 | 1 Opensatkit | 1 Opensatkit | 2026-02-17 | 7.8 High |
| An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow. | ||||
| CVE-2025-70085 | 1 Opensatkit | 1 Opensatkit | 2026-02-17 | 9.8 Critical |
| An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length. | ||||
| CVE-2026-2574 | 1 Gnome | 1 Glib-networking | 2026-02-17 | 5.4 Medium |
| A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory. | ||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 43 Ubuntu Linux, Debian Linux, Fedora and 40 more | 2026-02-13 | 7.8 High |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | ||||
| CVE-2021-35942 | 4 Debian, Gnu, Netapp and 1 more | 8 Debian Linux, Glibc, Active Iq Unified Manager and 5 more | 2026-02-13 | 9.1 Critical |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | ||||
| CVE-2025-62453 | 2 Github, Microsoft | 2 Copilot, Visual Studio Code | 2026-02-13 | 5 Medium |
| Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2025-62202 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-13 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-60728 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2026-02-13 | 4.3 Medium |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-60726 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-13 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-60706 | 1 Microsoft | 23 Hyper-v, Windows, Windows 10 and 20 more | 2026-02-13 | 5.5 Medium |
| Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59513 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1607 and 22 more | 2026-02-13 | 5.5 Medium |
| Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-63653 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-13 | 7.5 High |
| An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||
| CVE-2025-63656 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-13 | 7.5 High |
| An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||