Export limit exceeded: 335271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33058 | 1 Qualcomm | 379 Aqt1000, Aqt1000 Firmware, Ar8035 and 376 more | 2025-10-03 | 7.5 High |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | ||||
| CVE-2024-33035 | 1 Qualcomm | 181 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 178 more | 2025-10-03 | 8.4 High |
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | ||||
| CVE-2024-33016 | 1 Qualcomm | 669 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 666 more | 2025-10-03 | 6.8 Medium |
| memory corruption when an invalid firehose patch command is invoked. | ||||
| CVE-2025-56769 | 1 Hutool | 1 Hutool | 2025-10-03 | 6.5 Medium |
| An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class. | ||||
| CVE-2024-23365 | 1 Qualcomm | 96 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 93 more | 2025-10-03 | 8.4 High |
| Memory corruption while releasing shared resources in MinkSocket listener thread. | ||||
| CVE-2024-23364 | 1 Qualcomm | 359 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 356 more | 2025-10-03 | 7.5 High |
| Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). | ||||
| CVE-2024-23362 | 1 Qualcomm | 466 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 463 more | 2025-10-03 | 7.1 High |
| Cryptographic issue while parsing RSA keys in COBR format. | ||||
| CVE-2024-23358 | 1 Qualcomm | 107 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 104 more | 2025-10-03 | 7.5 High |
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. | ||||
| CVE-2024-23359 | 1 Qualcomm | 324 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 321 more | 2025-10-03 | 8.2 High |
| Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. | ||||
| CVE-2025-29155 | 1 Smartbear | 1 Swagger Petstore | 2025-10-03 | 6.5 Medium |
| An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint | ||||
| CVE-2025-11049 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.3 Medium |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-10954 | 2 Phonenumbers Project, Textit | 2 Phonenumbers, Phonenumbers | 2025-10-03 | 5.3 Medium |
| Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". | ||||
| CVE-2025-11050 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.3 Medium |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2025-10-03 | 7.3 High |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-8014 | 1 Gitlab | 1 Gitlab | 2025-10-03 | 7.5 High |
| Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption. | ||||
| CVE-2025-11139 | 2 Bjskzy, Zhiyou-group | 2 Zhiyou Erp, Zhiyou Erp | 2025-10-03 | 6.3 Medium |
| A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11140 | 2 Bjskzy, Zhiyou-group | 2 Zhiyou Erp, Zhiyou Erp | 2025-10-03 | 7.3 High |
| A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2025-10-03 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | ||||
| CVE-2014-2357 | 1 Subnet | 1 Substation Server | 2025-10-03 | N/A |
| The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. | ||||
| CVE-2014-2356 | 1 Innominate | 1 Mguard Firmware | 2025-10-03 | N/A |
| Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | ||||