Export limit exceeded: 348953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43737 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58189 | 1 Golang | 2 Crypto, Go | 2026-01-29 | 5.3 Medium |
| When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | ||||
| CVE-2025-61724 | 1 Golang | 2 Go, Net | 2026-01-29 | 5.3 Medium |
| The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. | ||||
| CVE-2025-47912 | 1 Golang | 2 Go, Net | 2026-01-29 | 5.3 Medium |
| The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement. | ||||
| CVE-2025-65805 | 1 Openairinterface | 2 Cn5g Amf, Oai-cn5g-amf | 2026-01-29 | 7.5 High |
| OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF. | ||||
| CVE-2025-46699 | 1 Dell | 1 Data Protection Advisor | 2026-01-28 | 4.3 Medium |
| Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-47323 | 1 Qualcomm | 357 Ar8035, Ar8035 Firmware, Csra6620 and 354 more | 2026-01-28 | 7.8 High |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | ||||
| CVE-2025-47330 | 1 Qualcomm | 447 Ar8031, Ar8031 Firmware, Ar8035 and 444 more | 2026-01-28 | 5.5 Medium |
| Transient DOS while parsing video packets received from the video firmware. | ||||
| CVE-2025-47331 | 1 Qualcomm | 599 Ar8031, Ar8031 Firmware, Ar8035 and 596 more | 2026-01-28 | 6.1 Medium |
| Information disclosure while processing a firmware event. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2026-01-27 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2025-47334 | 1 Qualcomm | 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | ||||
| CVE-2025-47335 | 1 Qualcomm | 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while parsing clock configuration data for a specific hardware type. | ||||
| CVE-2025-14017 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-27 | 6.3 Medium |
| When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | ||||
| CVE-2025-46819 | 1 Redis | 1 Redis | 2026-01-27 | 6.3 Medium |
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families. | ||||
| CVE-2025-46817 | 1 Redis | 1 Redis | 2026-01-27 | 7 High |
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. | ||||
| CVE-2025-47321 | 1 Qualcomm | 231 Ar8031, Ar8031 Firmware, Ar8035 and 228 more | 2026-01-27 | 7.8 High |
| Memory corruption while copying packets received from unix clients. | ||||
| CVE-2025-47388 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption while passing pages to DSP with an unaligned starting address. | ||||
| CVE-2025-47393 | 1 Qualcomm | 37 Qam8255p, Qam8255p Firmware, Qam8650p and 34 more | 2026-01-27 | 7.8 High |
| Memory corruption when accessing resources in kernel driver. | ||||
| CVE-2025-47394 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | ||||
| CVE-2025-47395 | 1 Qualcomm | 3 Snapdragon, Wcn7861, Wcn7861 Firmware | 2026-01-27 | 6.5 Medium |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. | ||||
| CVE-2025-58580 | 1 Sick | 1 Enterprise Analytics | 2026-01-27 | 6.5 Medium |
| An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example. | ||||