Total
12898 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0891 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | |||||
| CVE-2026-0886 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 5.3 MEDIUM |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | |||||
| CVE-2026-0878 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 8.0 HIGH |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | |||||
| CVE-2026-0879 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 9.8 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | |||||
| CVE-2025-14407 | 1 Sodapdf | 1 Soda Pdf | 2026-01-21 | N/A | 5.5 MEDIUM |
| Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27141. | |||||
| CVE-2025-55089 | 1 Eclipse | 1 Threadx Filex | 2026-01-20 | N/A | 9.8 CRITICAL |
| In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets | |||||
| CVE-2025-65396 | 2026-01-16 | N/A | 6.1 MEDIUM | ||
| A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations. | |||||
| CVE-2026-0821 | 1 Quickjs-ng | 1 Quickjs | 2026-01-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue. | |||||
| CVE-2026-0640 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-15 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2018-0167 | 2 Cisco, Rockwellautomation | 18 Asr 9001, Asr 9006, Asr 9010 and 15 more | 2026-01-14 | 8.3 HIGH | 8.8 HIGH |
| Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. | |||||
| CVE-2023-30767 | 1 Intel | 1 Optimization For Tensorflow | 2026-01-14 | N/A | 5.5 MEDIUM |
| Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-36581 | 1 Dell | 6 Poweredge R6415, Poweredge R6415 Firmware, Poweredge R7415 and 3 more | 2026-01-14 | N/A | 3.8 LOW |
| Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-46298 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-01-14 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-7116 | 1 Utt | 2 750w, 750w Firmware | 2026-01-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2018-0151 | 1 Cisco | 1 Ios Xe | 2026-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. | |||||
| CVE-2026-0836 | 1 Utt | 2 520w, 520w Firmware | 2026-01-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0837 | 1 Utt | 2 520w, 520w Firmware | 2026-01-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0838 | 1 Utt | 2 520w, 520w Firmware | 2026-01-13 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0839 | 1 Utt | 2 520w, 520w Firmware | 2026-01-13 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0840 | 1 Utt | 2 520w, 520w Firmware | 2026-01-13 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||