Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2026-01-27 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2024-1544 | 1 Wolfssl | 1 Wolfssl | 2026-01-27 | 4.1 Medium |
| Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits. | ||||
| CVE-2025-47334 | 1 Qualcomm | 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | ||||
| CVE-2025-47335 | 1 Qualcomm | 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while parsing clock configuration data for a specific hardware type. | ||||
| CVE-2025-47336 | 1 Qualcomm | 37 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 34 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while performing sensor register read operations. | ||||
| CVE-2025-47337 | 1 Qualcomm | 129 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 126 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while accessing a synchronization object during concurrent operations. | ||||
| CVE-2025-66518 | 1 Apache | 1 Kyuubi | 2026-01-27 | 8.8 High |
| Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue. | ||||
| CVE-2025-14017 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-27 | 6.3 Medium |
| When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | ||||
| CVE-2025-47339 | 1 Qualcomm | 371 Ar8035, Ar8035 Firmware, Ar9380 and 368 more | 2026-01-27 | 7.8 High |
| Memory corruption while deinitializing a HDCP session. | ||||
| CVE-2025-47344 | 1 Qualcomm | 165 Csra6620, Csra6620 Firmware, Csra6640 and 162 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while handling sensor utility operations. | ||||
| CVE-2025-47345 | 1 Qualcomm | 211 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 208 more | 2026-01-27 | 8.4 High |
| Cryptographic issue may occur while encrypting license data. | ||||
| CVE-2025-47346 | 1 Qualcomm | 227 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 224 more | 2026-01-27 | 7.8 High |
| Memory corruption while processing a secure logging command in the trusted application. | ||||
| CVE-2025-34038 | 2 Weaver, Weiphp | 2 E-cology, Weiphp | 2026-01-27 | 7.5 High |
| A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | ||||
| CVE-2025-52517 | 1 Samsung | 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more | 2026-01-27 | 5.1 Medium |
| An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. | ||||
| CVE-2017-16539 | 1 Mobyproject | 1 Moby | 2026-01-27 | 5.9 Medium |
| The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | ||||
| CVE-2025-29847 | 1 Apache | 1 Linkis | 2026-01-27 | 7.5 High |
| A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve | ||||
| CVE-2025-59355 | 1 Apache | 1 Linkis | 2026-01-27 | 6.5 Medium |
| A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when decoding fails, resulting in information leakage. Affected Scope Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPassword) or other fields encoded in Base64. Version: Apache Linkis 1.0.0 – 1.7.0 Trigger Conditions The value of the configuration item is an invalid Base64 string. Log files are readable by users other than hive-site.xml administrators. Severity: Low The probability of Base64 decoding failure is low. The leakage is only triggered when logs at the Error level are exposed. Remediation Apache Linkis 1.8.0 and later versions have replaced the log with desensitized content. logger.error("URL decode failed: {}", e.getMessage()); // 不再输出 str Users are recommended to upgrade to version 1.8.0, which fixes the issue. | ||||
| CVE-2023-31233 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2026-01-27 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | ||||
| CVE-2020-16194 | 1 Store-opart | 1 Op\'art Devis | 2026-01-27 | 5.3 Medium |
| An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields. | ||||
| CVE-2016-10871 | 1 Ibericode | 1 Mailchimp For Wordpress | 2026-01-27 | N/A |
| The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. | ||||