Export limit exceeded: 343487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343487 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47390 | 1 Qualcomm | 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more | 2026-04-08 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||
| CVE-2025-47389 | 1 Qualcomm | 363 Ar8035, Ar8035 Firmware, Cologne and 360 more | 2026-04-08 | 7.8 High |
| Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | ||||
| CVE-2025-47374 | 1 Qualcomm | 61 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 58 more | 2026-04-08 | 6.5 Medium |
| Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | ||||
| CVE-2026-21374 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-08 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21373 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-08 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21372 | 1 Qualcomm | 57 Cologne, Cologne Firmware, Fastconnect 6700 and 54 more | 2026-04-08 | 7.8 High |
| Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | ||||
| CVE-2026-21371 | 1 Qualcomm | 105 Aqt1000, Aqt1000 Firmware, Cologne and 102 more | 2026-04-08 | 7.8 High |
| Memory Corruption when retrieving output buffer with insufficient size validation. | ||||
| CVE-2026-21367 | 1 Qualcomm | 301 Ar8035, Ar8035 Firmware, Cologne and 298 more | 2026-04-08 | 7.6 High |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | ||||
| CVE-2025-47400 | 1 Qualcomm | 23 Pandeiro, Pandeiro Firmware, Snapdragon and 20 more | 2026-04-08 | 7.1 High |
| Cryptographic issue while copying data to a destination buffer without validating its size. | ||||
| CVE-2026-4319 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-08 | 7.3 High |
| A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-21382 | 1 Qualcomm | 39 Cologne, Cologne Firmware, Fastconnect 6900 and 36 more | 2026-04-08 | 7.8 High |
| Memory Corruption when handling power management requests with improperly sized input/output buffers. | ||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-08 | 7.6 High |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||||
| CVE-2026-32763 | 2 Kysely, Kysely-org | 2 Kysely, Kysely | 2026-04-08 | 8.2 High |
| Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled values from `.key()` and `.at()` directly into single-quoted JSON path string literals (`'$.key'`) without escaping single quotes. An attacker can break out of the JSON path string context and inject arbitrary SQL. This is inconsistent with `sanitizeIdentifier()`, which properly doubles delimiter characters for identifiers — both are non-parameterizable SQL constructs requiring manual escaping, but only identifiers are protected. Version 0.28.12 fixes the issue. | ||||
| CVE-2026-21380 | 1 Qualcomm | 47 Cologne, Cologne Firmware, Fastconnect 6900 and 44 more | 2026-04-08 | 7.8 High |
| Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. | ||||
| CVE-2026-32888 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-04-08 | 8.8 High |
| Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom filter), user-supplied input from the search GET parameter is interpolated directly into a HAVING clause without parameterization or sanitization. This allows an authenticated attacker with basic item search permissions to execute arbitrary SQL queries. A patch did not exist at the time of publication. | ||||
| CVE-2026-21378 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Cologne and 99 more | 2026-04-08 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21376 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-08 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21375 | 1 Qualcomm | 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more | 2026-04-08 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-32933 | 1 Luckypennysoftware | 1 Automapper | 2026-04-08 | 7.5 High |
| AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a `StackOverflowException` and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue. | ||||
| CVE-2026-32768 | 1 Ctfer-io | 1 Chall-manager | 2026-04-08 | 9.9 Critical |
| Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5. | ||||