Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53797 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53798 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53796 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-54901 | 2025-09-11 | N/A | 5.5 MEDIUM | ||
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-53806 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-36855 | 2025-09-08 | N/A | 8.8 HIGH | ||
| A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.11 & <= 9.0.0 as represented in CVE-2025-21176. Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | |||||
| CVE-2024-7347 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-09-05 | N/A | 4.7 MEDIUM |
| NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-30039 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 5.5 MEDIUM |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||
| CVE-2025-27029 | 1 Qualcomm | 134 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 131 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | |||||
| CVE-2024-53019 | 1 Qualcomm | 162 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 159 more | 2025-08-20 | N/A | 8.2 HIGH |
| Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources. | |||||
| CVE-2025-27065 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 297 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing a frame with malformed shared-key descriptor. | |||||
| CVE-2025-21421 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption while processing escape code in API. | |||||
| CVE-2025-21457 | 1 Qualcomm | 30 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 27 more | 2025-08-19 | N/A | 6.1 MEDIUM |
| Information disclosure while opening a fastrpc session when domain is not sanitized. | |||||
| CVE-2025-27068 | 1 Qualcomm | 32 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6900 and 29 more | 2025-08-18 | N/A | 7.8 HIGH |
| Memory corruption while processing an IOCTL command with an arbitrary address. | |||||
| CVE-2025-53736 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-08-18 | N/A | 6.8 MEDIUM |
| Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2024-21459 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Ar9380 and 347 more | 2025-08-15 | N/A | 6.5 MEDIUM |
| Information disclosure while handling beacon or probe response frame in STA. | |||||
| CVE-2021-34584 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2024-52877 | 1 Insyde | 1 Insydeh2o | 2025-08-15 | N/A | 7.5 HIGH |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read. | |||||
| CVE-2024-52878 | 1 Insyde | 1 Insydeh2o | 2025-08-15 | N/A | 7.5 HIGH |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read. | |||||
| CVE-2024-52879 | 1 Insyde | 1 Insydeh2o | 2025-08-15 | N/A | 7.5 HIGH |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read. | |||||