Export limit exceeded: 364891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62814 1 Samsung 11 Exynos, Exynos 1280, Exynos 1280 Firmware and 8 more 2026-03-04 7.5 High
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
CVE-2025-66363 1 Samsung 2 Exynos 2200, Exynos 2200 Firmware 2026-03-04 7.5 High
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
CVE-2025-62816 1 Samsung 15 Exynos, Exynos 1280, Exynos 1280 Firmware and 12 more 2026-03-04 5.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service.
CVE-2025-47376 1 Qualcomm 341 Ar8031, Ar8031 Firmware, Ar8035 and 338 more 2026-03-04 7.8 High
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVE-2025-53868 1 F5 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more 2026-03-04 8.7 High
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-47377 1 Qualcomm 245 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 242 more 2026-03-04 7.8 High
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-47381 1 Qualcomm 51 Lemans Au Lgit, Lemans Au Lgit Firmware, Lemansau and 48 more 2026-03-04 7.8 High
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-59603 1 Qualcomm 59 Cologne, Cologne Firmware, Fastconnect 6900 and 56 more 2026-03-04 7.8 High
Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-48545 1 Google 1 Android 2026-03-04 7.1 High
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-13120 1 Mruby 1 Mruby 2026-03-04 5.3 Medium
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
CVE-2025-59600 1 Qualcomm 329 Ar8031, Ar8031 Firmware, Ar8035 and 326 more 2026-03-04 7.8 High
Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-69765 1 Tenda 2 Ax3, Ax3 Firmware 2026-03-04 7.5 High
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
CVE-2025-47147 1 Gallagher 1 Command Centre Mobile Client 2026-03-04 5.7 Medium
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123.
CVE-2025-13688 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
CVE-2025-13687 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
CVE-2025-13686 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
CVE-2024-58041 1 Wonko 1 Smolder 2026-03-04 9.1 Critical
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
CVE-2026-3076 2026-03-03 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: This candidate is a reservation duplicate of CVE-2026-2363. Notes: All CVE users should reference CVE-2026-2363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2021-4456 1 Mrsam 2 Net::cidr, Net\ 2026-03-03 6.5 Medium
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses. The documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe.
CVE-2025-50198 1 Chamilo 1 Chamilo Lms 2026-03-03 4.9 Medium
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.