Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24862 2026-01-28 N/A
Not used
CVE-2026-24861 2026-01-28 N/A
Not used
CVE-2026-24860 2026-01-28 N/A
Not used
CVE-2026-24859 2026-01-28 N/A
Not used
CVE-2025-43860 2 Open-emr, Openemr 2 Openemr, Openemr 2026-01-27 7.6 High
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.
CVE-2024-1545 3 Linux, Microsoft, Wolfssl 4 Linux Kernel, Windows, Wolfcrypt and 1 more 2026-01-27 5.9 Medium
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
CVE-2024-1544 1 Wolfssl 1 Wolfssl 2026-01-27 4.1 Medium
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.
CVE-2025-47334 1 Qualcomm 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more 2026-01-27 6.7 Medium
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2025-47335 1 Qualcomm 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more 2026-01-27 6.7 Medium
Memory corruption while parsing clock configuration data for a specific hardware type.
CVE-2025-47336 1 Qualcomm 37 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 34 more 2026-01-27 6.7 Medium
Memory corruption while performing sensor register read operations.
CVE-2025-47337 1 Qualcomm 129 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 126 more 2026-01-27 6.7 Medium
Memory corruption while accessing a synchronization object during concurrent operations.
CVE-2025-66518 1 Apache 1 Kyuubi 2026-01-27 8.8 High
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.
CVE-2025-14017 2 Curl, Haxx 2 Curl, Curl 2026-01-27 6.3 Medium
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
CVE-2025-47339 1 Qualcomm 371 Ar8035, Ar8035 Firmware, Ar9380 and 368 more 2026-01-27 7.8 High
Memory corruption while deinitializing a HDCP session.
CVE-2025-47344 1 Qualcomm 165 Csra6620, Csra6620 Firmware, Csra6640 and 162 more 2026-01-27 6.7 Medium
Memory corruption while handling sensor utility operations.
CVE-2025-47345 1 Qualcomm 211 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 208 more 2026-01-27 8.4 High
Cryptographic issue may occur while encrypting license data.
CVE-2025-47346 1 Qualcomm 227 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 224 more 2026-01-27 7.8 High
Memory corruption while processing a secure logging command in the trusted application.
CVE-2025-34038 2 Weaver, Weiphp 2 E-cology, Weiphp 2026-01-27 7.5 High
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
CVE-2025-52517 1 Samsung 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more 2026-01-27 5.1 Medium
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service.
CVE-2017-16539 1 Mobyproject 1 Moby 2026-01-27 5.9 Medium
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.