Export limit exceeded: 337625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20426 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538. | ||||
| CVE-2026-20427 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | 6.7 Medium |
| In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537. | ||||
| CVE-2026-20428 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536. | ||||
| CVE-2026-20440 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824. | ||||
| CVE-2026-20441 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803. | ||||
| CVE-2026-20443 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-03 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722. | ||||
| CVE-2026-20445 | 2 Google, Mediatek | 24 Android, Mt6835, Mt6855 and 21 more | 2026-03-03 | 4.4 Medium |
| In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184. | ||||
| CVE-2026-20436 | 1 Mediatek | 8 Mt7902, Mt7920, Mt7921 and 5 more | 2026-03-03 | 6.7 Medium |
| In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970. | ||||
| CVE-2026-20437 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | 4.4 Medium |
| In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843. | ||||
| CVE-2026-20438 | 2 Google, Mediatek | 12 Android, Mt2718, Mt6899 and 9 more | 2026-03-03 | 6.4 Medium |
| In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835. | ||||
| CVE-2026-20439 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | 4.4 Medium |
| In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826. | ||||
| CVE-2026-3195 | 1 Qemu | 1 Qemu | 2026-03-03 | 7.4 High |
| A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730. | ||||
| CVE-2026-3441 | 1 Gnu | 1 Binutils | 2026-03-03 | 6.1 Medium |
| No description is available for this CVE. | ||||
| CVE-2026-3442 | 1 Gnu | 1 Binutils | 2026-03-03 | 6.1 Medium |
| No description is available for this CVE. | ||||
| CVE-2025-66880 | 1 720yun | 1 Pano Sdk | 2026-03-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. | ||||
| CVE-2025-58107 | 1 Microsoft | 4 Exchange, Exchange Server, Exchange Server 2016 and 1 more | 2026-03-03 | 7.5 High |
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2025-65465 | 1 Skrol29 | 1 Tbszip | 2026-03-03 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18. | ||||
| CVE-2026-20430 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7915, Mt7916 and 4 more | 2026-03-03 | 8.8 High |
| In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151. | ||||
| CVE-2026-20429 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. | ||||
| CVE-2026-2584 | 1 Ciser System | 1 Csip Firmware | 2026-03-03 | N/A |
| A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L). | ||||