Skip to main content
CVE-2025-21425 HIGH This Week

Memory corruption may occur due top improper access control in HAB process. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +30
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-3426 HIGH This Week

We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2024-43065 HIGH This Week

Cryptographic issues while generating an asymmetric key pair for RKP use cases. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 7800 Firmware Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +160
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32014 MEDIUM PATCH This Month

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2251 MEDIUM PATCH This Month

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 3.1
6.2
EPSS
3.8%
CVE-2025-3352 MEDIUM This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3351 MEDIUM This Month

A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-32029 MEDIUM PATCH This Month

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-31174 MEDIUM This Month

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-20656 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +19
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-31171 MEDIUM This Month

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-49848 MEDIUM This Month

Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Qam8255p Firmware Qam8295p Firmware +143
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20662 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20661 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Mt9972 +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20660 MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20657 MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-45544 MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +42
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45543 MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +62
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45540 MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware +66
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-20659 MEDIUM This Month

In Modem, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Mt2735 Firmware Mt2737 Firmware +83
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30373 MEDIUM PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Graylog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-45556 MEDIUM This Month

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware +56
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3329 LOW POC Monitor

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Comanda Mobile
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-3359 MEDIUM PATCH This Month

A flaw was found in GNUPlot. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-45551 MEDIUM This Month

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +236
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29594 MEDIUM This Month

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-20658 MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Mt2718 +18
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0050 MEDIUM This Month

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 5th Gen Gpu Architecture Userspace Driver Bifrost Gpu Userspace Driver Valhall Gpu Userspace Driver
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-31475 MEDIUM PATCH This Month

tarteaucitron.js is a compliant and accessible cookie banner. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Tarteaucitronjs
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2025-31138 MEDIUM PATCH This Month

tarteaucitron.js is a compliant and accessible cookie banner. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Tarteaucitronjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43046 MEDIUM This Month

There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +304
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21431 MEDIUM This Month

Information disclosure may be there when a guest VM is connected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +32
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-58113 MEDIUM This Month

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3382 MEDIUM This Month

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-20655 MEDIUM This Month

In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Mt9972 Google
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-58110 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58109 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58108 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-38797 MEDIUM PATCH This Month

EDK2 contains a vulnerability in the HashPeImageByType(). Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58116 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58115 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2025-3360 LOW Monitor

A flaw was found in GLib. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
3.7
EPSS
0.4%
CVE-2025-27534 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-25057 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-24304 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22842 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22452 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-20102 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-29087 LOW Monitor

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Sqlite
NVD GitHub
CVSS 3.1
3.2
EPSS
0.2%
CVE-2025-27686 LOW Monitor

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Code Injection LDAP Unisphere For Powermax
NVD
CVSS 3.1
2.7
EPSS
0.3%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy