Search Results (46152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33035 1 Qualcomm 181 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 178 more 2025-10-03 8.4 High
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-33016 1 Qualcomm 669 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 666 more 2025-10-03 6.8 Medium
memory corruption when an invalid firehose patch command is invoked.
CVE-2024-23364 1 Qualcomm 359 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 356 more 2025-10-03 7.5 High
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
CVE-2024-23358 1 Qualcomm 107 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 104 more 2025-10-03 7.5 High
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-23359 1 Qualcomm 324 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 321 more 2025-10-03 8.2 High
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2025-10954 2 Phonenumbers Project, Textit 2 Phonenumbers, Phonenumbers 2025-10-03 5.3 Medium
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range".
CVE-2014-2357 1 Subnet 1 Substation Server 2025-10-03 N/A
The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.
CVE-2025-55552 2 Linuxfoundation, Pytorch 2 Pytorch, Pytorch 2025-10-03 5.3 Medium
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-55554 2 Linuxfoundation, Pytorch 2 Pytorch, Pytorch 2025-10-03 5.3 Medium
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVE-2025-55558 2 Linuxfoundation, Pytorch 2 Pytorch, Pytorch 2025-10-03 7.5 High
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
CVE-2025-46152 2 Linuxfoundation, Pytorch 2 Pytorch, Pytorch 2025-10-03 5.3 Medium
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVE-2025-46153 2 Linuxfoundation, Pytorch 2 Pytorch, Pytorch 2025-10-03 5.3 Medium
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
CVE-2025-36262 1 Ibm 1 Planning Analytics Local 2025-10-03 4.9 Medium
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.
CVE-2025-57295 1 H3c 3 Magic Nx15, Magic Nx15 Firmware, Nx15v100r015 2025-10-03 8 High
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.
CVE-2014-2355 1 Ge 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity 2025-10-03 N/A
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
CVE-2025-11081 1 Gnu 1 Binutils 2025-10-03 3.3 Low
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
CVE-2024-38620 1 Linux 1 Linux Kernel 2025-10-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP and Primary controllers, as only HCI_PRIMARY is left, this also remove hdev->dev_type altogether.
CVE-2024-38624 1 Linux 1 Linux Kernel 2025-10-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip
CVE-2025-57769 1 Freshrss 1 Freshrss 2025-10-03 6.1 Medium
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possible, this may lead to privilege escalation via obscuring the promote user button in the admin UI or XSS by tricking the user to drag content into the UserJS text area. This is fixed in version 1.27.0
CVE-2025-59950 1 Freshrss 1 Freshrss 2025-10-03 6.7 Medium
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button inside an attacker-controlled website. A successful attack can allow the attacker to promote themselves to "admin" and log into other users' accounts; the attacker has to know the specific instance URL they're targeting. This issue is fixed in version 1.27.0.