Total
12782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53965 | 1 Samsung | 36 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 33 more | 2025-12-05 | N/A | 5.3 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error. | |||||
| CVE-2014-3478 | 2 Christos Zoulas, Php | 2 File, Php | 2025-12-04 | 5.0 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | |||||
| CVE-2014-0207 | 5 Christos Zoulas, Debian, Opensuse and 2 more | 5 File, Debian Linux, Opensuse and 2 more | 2025-12-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | |||||
| CVE-2012-1571 | 2 Christos Zoulas, Tim Robbins | 2 File, Libmagic | 2025-12-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | |||||
| CVE-2016-1834 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2025-12-04 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2025-13120 | 1 Mruby | 1 Mruby | 2025-12-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-64713 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-12-03 | N/A | 5.1 MEDIUM |
| WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4. | |||||
| CVE-2025-33195 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.4 MEDIUM |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. | |||||
| CVE-2025-12875 | 1 Mruby | 1 Mruby | 2025-12-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-13547 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-13549 | 1 Dlink | 2 Dir-822k, Dir-822k Firmware | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-13548 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-13550 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-13551 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-13552 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-43433 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-01 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43431 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-01 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-21483 | 1 Qualcomm | 454 Apq8017, Apq8017 Firmware, Apq8064au and 451 more | 2025-11-28 | N/A | 9.8 CRITICAL |
| Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. | |||||
| CVE-2025-13553 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-11-26 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-13566 | 2025-11-25 | 1.7 LOW | 3.3 LOW | ||
| A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue. | |||||