Total
13147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53965 | 2025-12-03 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error. | |||||
| CVE-2025-64713 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-12-03 | N/A | 5.1 MEDIUM |
| WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4. | |||||
| CVE-2025-33195 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.4 MEDIUM |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. | |||||
| CVE-2025-12875 | 1 Mruby | 1 Mruby | 2025-12-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-13547 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-13549 | 1 Dlink | 2 Dir-822k, Dir-822k Firmware | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-13548 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-13550 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-13551 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-13552 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-43433 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-01 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43431 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-01 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-21483 | 1 Qualcomm | 454 Apq8017, Apq8017 Firmware, Apq8064au and 451 more | 2025-11-28 | N/A | 9.8 CRITICAL |
| Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. | |||||
| CVE-2025-13553 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-11-26 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-13566 | 2025-11-25 | 1.7 LOW | 3.3 LOW | ||
| A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue. | |||||
| CVE-2025-2584 | 1 Webassembly | 1 Wabt | 2025-11-25 | 5.1 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2016-5290 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2017-5410 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2017-7826 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2016-2815 | 4 Canonical, Mozilla, Novell and 1 more | 7 Ubuntu Linux, Firefox, Suse Linux Enterprise Desktop and 4 more | 2025-11-25 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||