Export limit exceeded: 343537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343537 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47356 | 1 Qualcomm | 39 Cologne, Cologne Firmware, Fastconnect 6900 and 36 more | 2026-01-27 | 7.8 High |
| Memory Corruption when multiple threads concurrently access and modify shared resources. | ||||
| CVE-2025-47369 | 1 Qualcomm | 351 Ar8035, Ar8035 Firmware, Csra6620 and 348 more | 2026-01-27 | 5.5 Medium |
| Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. | ||||
| CVE-2025-5115 | 1 Eclipse | 1 Jetty | 2026-01-27 | 7.5 High |
| In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h | ||||
| CVE-2025-47380 | 1 Qualcomm | 29 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 26 more | 2026-01-27 | 7.8 High |
| Memory corruption while preprocessing IOCTLs in sensors. | ||||
| CVE-2025-47388 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption while passing pages to DSP with an unaligned starting address. | ||||
| CVE-2025-47393 | 1 Qualcomm | 37 Qam8255p, Qam8255p Firmware, Qam8650p and 34 more | 2026-01-27 | 7.8 High |
| Memory corruption when accessing resources in kernel driver. | ||||
| CVE-2025-47394 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | ||||
| CVE-2025-47395 | 1 Qualcomm | 3 Snapdragon, Wcn7861, Wcn7861 Firmware | 2026-01-27 | 6.5 Medium |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. | ||||
| CVE-2025-47396 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption occurs when a secure application is launched on a device with insufficient memory. | ||||
| CVE-2025-52094 | 1 Pdq | 1 Smart Deploy | 2026-01-27 | 7.8 High |
| Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component | ||||
| CVE-2025-52095 | 1 Pdq | 1 Smart Deploy | 2026-01-27 | 9.8 Critical |
| An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll | ||||
| CVE-2026-21875 | 2 Clipbucket, Oxygenz | 2 Clipbucket, Clipbucket | 2026-01-27 | 9.8 Critical |
| ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The obj_id parameter within the POST request to /actions/ajax.php is then used within the user_exists function of the upload/includes/classes/user.class. php file as the $id parameter. It is then used within the count function of the upload/includes/classes/db.class. php file. The $id parameter is concatenated into the query without validation or sanitization, and a user-supplied input like 1' or 1=1-- - can be used to trigger the injection. This issue does not have a fix at the time of publication. | ||||
| CVE-2025-7974 | 1 Rocket.chat | 1 Rocket.chat | 2026-01-27 | 7.5 High |
| rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517. | ||||
| CVE-2025-56101 | 1 Ruijie | 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-56089 | 1 Ruijie | 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2025-56098 | 1 Ruijie | 5 Rg-ew300 Pro, Rg-ew300 Pro Firmware, X30-pro and 2 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-20945 | 2 Samsung, Samsung Mobile | 12 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 9 more | 2026-01-27 | 4 Medium |
| Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. | ||||
| CVE-2025-20939 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-27 | 5.4 Medium |
| Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. | ||||
| CVE-2025-56093 | 1 Ruijie | 7 Rg-eap602, Rg-eap602 Firmware, Rg-ew300 Pro and 4 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua. | ||||
| CVE-2025-56094 | 1 Ruijie | 5 Rg-ew300 Pro, Rg-ew300 Pro Firmware, X30-pro and 2 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua. | ||||