Skip to main content
CVE-2025-31171 MEDIUM This Month

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-49848 MEDIUM This Month

Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Qam8255p Firmware Qam8295p Firmware +143
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20662 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20661 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20660 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20657 MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-45544 MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +42
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45543 MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +62
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45540 MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware +66
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-20659 MEDIUM This Month

In Modem, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Mt2735 Firmware Mt2737 Firmware +83
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30373 MEDIUM PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Graylog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-45556 MEDIUM This Month

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware +56
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3359 MEDIUM PATCH This Month

A flaw was found in GNUPlot. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-45551 MEDIUM This Month

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +236
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29594 MEDIUM This Month

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-20658 MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Mt2718 +18
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0050 MEDIUM This Month

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 5th Gen Gpu Architecture Userspace Driver Bifrost Gpu Userspace Driver Valhall Gpu Userspace Driver
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-31475 MEDIUM PATCH This Month

tarteaucitron.js is a compliant and accessible cookie banner. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Tarteaucitronjs
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2025-31138 MEDIUM PATCH This Month

tarteaucitron.js is a compliant and accessible cookie banner. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Tarteaucitronjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43046 MEDIUM This Month

There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +304
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21431 MEDIUM This Month

Information disclosure may be there when a guest VM is connected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +32
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-58113 MEDIUM This Month

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3382 MEDIUM This Month

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-20655 MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Mt9972 Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-58110 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58109 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58108 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-38797 MEDIUM PATCH This Month

EDK2 contains a vulnerability in the HashPeImageByType(). Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58116 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58115 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2025-3384 MEDIUM POC This Week

A vulnerability was found in 1000 Projects Human Resource Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-29481 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libbpf Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-3378 MEDIUM POC This Week

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3375 MEDIUM POC This Week

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3374 MEDIUM POC This Week

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-31476 MEDIUM PATCH Monitor

tarteaucitron.js is a compliant and accessible cookie banner. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS Tarteaucitronjs Tacjs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-3336 MEDIUM POC This Week

A vulnerability was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-58106 MEDIUM Monitor

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-22851 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy