Export limit exceeded: 41716 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41716 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23533 | 1 Freerdp | 1 Freerdp | 2026-01-28 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. | ||||
| CVE-2026-23534 | 1 Freerdp | 1 Freerdp | 2026-01-28 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. | ||||
| CVE-2026-23732 | 1 Freerdp | 1 Freerdp | 2026-01-28 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue. | ||||
| CVE-2025-47323 | 1 Qualcomm | 357 Ar8035, Ar8035 Firmware, Csra6620 and 354 more | 2026-01-28 | 7.8 High |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | ||||
| CVE-2025-47330 | 1 Qualcomm | 447 Ar8031, Ar8031 Firmware, Ar8035 and 444 more | 2026-01-28 | 5.5 Medium |
| Transient DOS while parsing video packets received from the video firmware. | ||||
| CVE-2025-47331 | 1 Qualcomm | 599 Ar8031, Ar8031 Firmware, Ar8035 and 596 more | 2026-01-28 | 6.1 Medium |
| Information disclosure while processing a firmware event. | ||||
| CVE-2025-14187 | 1 Ugreen | 1 Dh2100+ | 2026-01-28 | 7.2 High |
| A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2026-01-27 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2025-47334 | 1 Qualcomm | 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | ||||
| CVE-2025-47335 | 1 Qualcomm | 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while parsing clock configuration data for a specific hardware type. | ||||
| CVE-2026-1465 | 1 Anyrtcio-community | 1 Anyrtc-rtmp-opensource | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0. | ||||
| CVE-2026-1464 | 1 Muntashirakon | 1 Appmanager | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4. | ||||
| CVE-2026-24794 | 1 Cardboardpowered | 1 Cardboard | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4. | ||||
| CVE-2026-24796 | 1 Cloverhackycolor | 1 Cloverbootloader | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162. | ||||
| CVE-2026-24798 | 1 Gaijinentertainment | 1 Dagorengine | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15. | ||||
| CVE-2025-14017 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-27 | 6.3 Medium |
| When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | ||||
| CVE-2026-24808 | 1 Rawtherapee | 1 Rawtherapee | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11. | ||||
| CVE-2026-24814 | 1 Swoole | 1 Swoole | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2. | ||||
| CVE-2026-24818 | 1 Praydog | 1 Uevr | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05. | ||||
| CVE-2025-59097 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via SOAP. The SOAP request is sent without any prior authentication or authorization by default. Though authentication and authorization can be configured using IPsec for 92xx-K5 devices and mTLS for 92xx-K7 devices, it is not enabled by default and must therefore be activated with additional steps. This insecure default allows an attacker with network level access to completely control the whole environment. An attacker is for example easily able to conduct the following tasks without prior authentication: - Re-configure Access Managers (e.g. remove alarming system requirements) - Freely re-configure the inputs and outputs - Open all connected doors permanently - Open all doors for a defined time interval - Change the admin password - and many more Network level access can be gained due to an insufficient network segmentation as well as missing LAN firewalls. Devices with an insecure configuration have been identified to be directly exposed to the internet. | ||||