Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20649 2 Mediatek, Openwrt 11 Mt6880, Mt6890, Mt6980 and 8 more 2025-04-22 6.5 Medium
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.
CVE-2025-20651 5 Google, Linuxfoundation, Mediatek and 2 more 25 Android, Yocto, Mt2737 and 22 more 2025-04-22 4.1 Medium
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.
CVE-2025-20652 2 Google, Mediatek 45 Android, Mt6580, Mt6739 and 42 more 2025-04-22 4.6 Medium
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.
CVE-2025-20653 2 Google, Mediatek 15 Android, Mt6781, Mt6789 and 12 more 2025-04-22 6.5 Medium
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
CVE-2025-2724 2025-04-22 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".
CVE-2025-2723 2025-04-22 5.3 Medium
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" valid bytes." The documentation was fixed to make that clear.
CVE-2025-2722 2025-04-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [because] p_n_param is an input-output parameter indicating how big an array has already been allocated.
CVE-2025-2721 2025-04-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" valid bytes." The documentation was fixed to make that clear.
CVE-2025-26304 1 Libming 1 Libming 2025-04-22 8.2 High
A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.
CVE-2025-26305 1 Libming 1 Libming 2025-04-22 8.2 High
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
CVE-2025-25958 1 Phpcms 1 Phpcms 2025-04-22 5.4 Medium
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
CVE-2025-25960 1 Phpcms 1 Phpcms 2025-04-22 6.1 Medium
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator.
CVE-2025-25767 1 Mrcms 1 Mrcms 2025-04-22 4.8 Medium
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.
CVE-2025-27135 1 Infiniflow 1 Ragflow 2025-04-22 9.8 Critical
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.
CVE-2025-2953 1 Linuxfoundation 1 Pytorch 2025-04-22 3.3 Low
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
CVE-2022-45685 3 Debian, Jettison Project, Redhat 3 Debian Linux, Jettison, Apache Camel Spring Boot 2025-04-22 7.5 High
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45028 1 Arris 2 Nvg443b, Nvg443b Firmware 2025-04-22 6.1 Medium
A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.
CVE-2022-45005 1 Ip-com 2 Ew9, Ew9 Firmware 2025-04-22 9.8 Critical
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.
CVE-2022-44874 1 Wasm3 Project 1 Wasm3 2025-04-22 5.5 Medium
wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.
CVE-2022-44636 1 Samsung 30 T-ksu2eakuc, T-ksu2eakuc Firmware, T-ksu2edeuc and 27 more 2025-04-22 4.6 Medium
The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.