Export limit exceeded: 80554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36125 | 1 Apache | 1 Avro | 2026-03-06 | 7.5 High |
| It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | ||||
| CVE-2022-30635 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2026-03-06 | 7.5 High |
| Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | ||||
| CVE-2022-30630 | 2 Golang, Redhat | 17 Go, Acm, Application Interconnect and 14 more | 2026-03-06 | 7.5 High |
| Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | ||||
| CVE-2022-30580 | 1 Golang | 1 Go | 2026-03-06 | 7.8 High |
| Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | ||||
| CVE-2021-40040 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2026-03-06 | 7.5 High |
| Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-40030 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2026-03-06 | 7.5 High |
| The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2025-12107 | 1 Wso2 | 2 Identity Server, Wso2 Identity Server | 2026-03-06 | 8.4 High |
| Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information. | ||||
| CVE-2020-9321 | 1 Traefik | 2 Traefik, Traefik Enterprise | 2026-03-06 | 7.5 High |
| configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. | ||||
| CVE-2025-47379 | 1 Qualcomm | 357 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8031 and 354 more | 2026-03-06 | 7.8 High |
| Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. | ||||
| CVE-2021-30952 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Macos and 9 more | 2026-03-06 | 8.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2025-48654 | 1 Google | 1 Android | 2026-03-06 | 7.8 High |
| In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48653 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48650 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48646 | 1 Google | 1 Android | 2026-03-06 | 7.8 High |
| In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-48641 | 1 Google | 1 Android | 2026-03-06 | 7 High |
| In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48636 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48635 | 1 Google | 1 Android | 2026-03-06 | 7.7 High |
| In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48634 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48630 | 1 Google | 1 Android | 2026-03-06 | 7.4 High |
| In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48619 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||