Total
3990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48723 | 1 Qnap | 1 Qsync Central | 2026-06-17 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-48721 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later | |||||
| CVE-2025-48611 | 1 Google | 1 Android | 2026-06-17 | N/A | 10.0 CRITICAL |
| In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48386 | 2026-06-17 | N/A | 6.3 MEDIUM | ||
| Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. | |||||
| CVE-2025-47399 | 1 Qualcomm | 28 Cologne, Cologne Firmware, Fastconnect 7800 and 25 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | |||||
| CVE-2025-47394 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | |||||
| CVE-2025-47388 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption while passing pages to DSP with an unaligned starting address. | |||||
| CVE-2025-47372 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8620p and 43 more | 2026-06-17 | N/A | 9.0 CRITICAL |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | |||||
| CVE-2025-47341 | 1 Qualcomm | 62 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 59 more | 2026-06-17 | N/A | 7.8 HIGH |
| memory corruption while processing an image encoding completion event. | |||||
| CVE-2025-47335 | 1 Qualcomm | 90 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 87 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Memory corruption while parsing clock configuration data for a specific hardware type. | |||||
| CVE-2025-47334 | 1 Qualcomm | 292 Csra6620, Csra6620 Firmware, Csra6640 and 289 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | |||||
| CVE-2025-47321 | 1 Qualcomm | 230 Ar8031, Ar8031 Firmware, Ar8035 and 227 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption while copying packets received from unix clients. | |||||
| CVE-2025-46789 | 1 Zoom | 1 Zoom | 2026-06-17 | N/A | 6.5 MEDIUM |
| Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access. | |||||
| CVE-2025-46785 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-46776 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2026-06-17 | N/A | 6.4 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. | |||||
| CVE-2025-46714 | 1 Sandboxie-plus | 1 Sandboxie | 2026-06-17 | N/A | 7.8 HIGH |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue. | |||||
| CVE-2025-46713 | 1 Sandboxie-plus | 1 Sandboxie | 2026-06-17 | N/A | 7.8 HIGH |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue. | |||||
| CVE-2025-46397 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2026-06-17 | N/A | 7.8 HIGH |
| A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. | |||||
| CVE-2025-46108 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. | |||||
| CVE-2025-46060 | 1 Totolink | 2 N600r, N600r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component | |||||