Search

Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58343 1 Samsung 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more 2026-02-09 5.5 Medium
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to kernel memory exhaustion.
CVE-2025-67723 1 Discourse 1 Discourse 2026-02-09 4.6 Medium
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be disabled, or the Mathjax provider can be used instead of KaTeX.
CVE-2025-69601 1 Altumcode 1 66biolinks 2026-02-09 6.5 Medium
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten.
CVE-2025-69602 1 Altumcode 1 66biolinks 2026-02-09 9.1 Critical
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who can set or predict a session ID to potentially hijack an authenticated session.
CVE-2025-12772 2 Broadcom, Brocade 2 Sannav, Sannav 2026-02-09 4.9 Medium
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password.
CVE-2020-36928 1 Brother 1 Bragent 2026-02-09 7.8 High
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
CVE-2020-36929 1 Brother 1 Brprint Auditor 2026-02-09 7.8 High
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
CVE-2021-47785 1 Ethersoftware 1 Ether Mp3 Cd Burner 2026-02-09 9.8 Critical
Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.
CVE-2025-66802 2 Covid-19 Contact Tracing System Project, Sourcecodester 2 Covid-19 Contact Tracing System, Covid-19 Contact Tracing System 2026-02-09 9.8 Critical
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE.
CVE-2026-25845 2026-02-07 N/A
Not used
CVE-2026-25844 2026-02-07 N/A
Not used
CVE-2026-25843 2026-02-07 N/A
Not used
CVE-2026-25842 2026-02-07 N/A
Not used
CVE-2026-25841 2026-02-07 N/A
Not used
CVE-2026-25840 2026-02-07 N/A
Not used
CVE-2026-25839 2026-02-07 N/A
Not used
CVE-2026-25838 2026-02-07 N/A
Not used
CVE-2026-25837 2026-02-07 N/A
Not used
CVE-2023-6763 2026-02-06 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-68138 2 Everest, Linuxfoundation 2 Everest-core, Libocpp 2026-02-06 4.7 Medium
EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.