Total
7186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27741 | 2025-04-09 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-27483 | 2025-04-09 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-29811 | 2025-04-09 | N/A | 7.8 HIGH | ||
| Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-26642 | 2025-04-09 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-27733 | 2025-04-09 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-32460 | 2025-04-09 | N/A | 4.0 MEDIUM | ||
| GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. | |||||
| CVE-2024-36612 | 1 Zulip | 1 Zulip Server | 2025-04-09 | N/A | 7.5 HIGH |
| Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. | |||||
| CVE-2025-20655 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-09 | N/A | 5.3 MEDIUM |
| In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183. | |||||
| CVE-2022-40519 | 1 Qualcomm | 386 Aqt1000, Aqt1000 Firmware, Ar8031 and 383 more | 2025-04-09 | N/A | 6.8 MEDIUM |
| Information disclosure due to buffer overread in Core | |||||
| CVE-2022-40518 | 1 Qualcomm | 320 Aqt1000, Aqt1000 Firmware, Ar8031 and 317 more | 2025-04-09 | N/A | 6.8 MEDIUM |
| Information disclosure due to buffer overread in Core | |||||
| CVE-2022-33286 | 1 Qualcomm | 562 Apq8009, Apq8009 Firmware, Apq8017 and 559 more | 2025-04-09 | N/A | 7.5 HIGH |
| Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. | |||||
| CVE-2022-33285 | 1 Qualcomm | 556 Apq8009, Apq8009 Firmware, Apq8017 and 553 more | 2025-04-09 | N/A | 7.5 HIGH |
| Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. | |||||
| CVE-2022-33284 | 1 Qualcomm | 352 Aqt1000, Aqt1000 Firmware, Ar8035 and 349 more | 2025-04-09 | N/A | 8.2 HIGH |
| Information disclosure due to buffer over-read in WLAN while parsing BTM action frame. | |||||
| CVE-2022-33283 | 1 Qualcomm | 268 Ar8035, Ar8035 Firmware, Ar9380 and 265 more | 2025-04-09 | N/A | 8.2 HIGH |
| Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check. | |||||
| CVE-2022-33255 | 1 Qualcomm | 184 Apq8009, Apq8009 Firmware, Ar8031 and 181 more | 2025-04-09 | N/A | 8.2 HIGH |
| Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | |||||
| CVE-2021-46768 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-09 | N/A | 5.5 MEDIUM |
| Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | |||||
| CVE-2024-20949 | 1 Oracle | 1 Customer Interaction History | 2025-04-09 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | |||||
| CVE-2007-3847 | 3 Apache, Canonical, Fedoraproject | 4 Http Server, Ubuntu Linux, Fedora and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | |||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | |||||