Export limit exceeded: 20498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23732 | 1 Freerdp | 1 Freerdp | 2026-01-28 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue. | ||||
| CVE-2025-47330 | 1 Qualcomm | 447 Ar8031, Ar8031 Firmware, Ar8035 and 444 more | 2026-01-28 | 5.5 Medium |
| Transient DOS while parsing video packets received from the video firmware. | ||||
| CVE-2025-47331 | 1 Qualcomm | 599 Ar8031, Ar8031 Firmware, Ar8035 and 596 more | 2026-01-28 | 6.1 Medium |
| Information disclosure while processing a firmware event. | ||||
| CVE-2025-14187 | 1 Ugreen | 1 Dh2100+ | 2026-01-28 | 7.2 High |
| A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2026-01-27 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2025-47334 | 1 Qualcomm | 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | ||||
| CVE-2025-47335 | 1 Qualcomm | 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while parsing clock configuration data for a specific hardware type. | ||||
| CVE-2026-24796 | 1 Cloverhackycolor | 1 Cloverbootloader | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162. | ||||
| CVE-2026-24818 | 1 Praydog | 1 Uevr | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05. | ||||
| CVE-2025-59109 | 1 Dormakaba | 1 Registration Unit 9002 | 2026-01-27 | N/A |
| The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi). | ||||
| CVE-2025-59104 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through this vulnerability. | ||||
| CVE-2026-24829 | 1 Is-daouda | 1 Is-engine | 2026-01-27 | 6.5 Medium |
| Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4. | ||||
| CVE-2026-24820 | 1 Turanszkij | 1 Wickedengine | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705. | ||||
| CVE-2026-24822 | 1 Ttttupup | 1 Wxhelper | 2026-01-27 | N/A |
| Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1. | ||||
| CVE-2026-24823 | 1 Fastshift | 1 X-track | 2026-01-27 | N/A |
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7. | ||||
| CVE-2026-24821 | 1 Turanszkij | 1 Wickedengine | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727. | ||||
| CVE-2026-24799 | 1 Davisking | 1 Dlib | 2026-01-27 | N/A |
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects dlib: before v19.24.9. | ||||
| CVE-2026-24810 | 1 Rethinkdb | 1 Rethinkdb | 2026-01-27 | N/A |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4. | ||||
| CVE-2026-24800 | 1 Tildearrow | 1 Furnace | 2026-01-27 | N/A |
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C. | ||||
| CVE-2026-24344 | 1 Actions-micro | 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware | 2026-01-27 | N/A |
| Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution | ||||