Total
13106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36292 | 2025-05-16 | 7.3 High | ||
| Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-4732 | 2025-05-16 | 8.8 High | ||
| A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4733 | 2025-05-16 | 8.8 High | ||
| A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4730 | 2025-05-16 | 8.8 High | ||
| A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4500 | 1 Code-projects | 1 Hotel Management System | 2025-05-16 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34391 | 1 Dell | 4 Alienware Area-51 R4, Alienware Area-51 R4 Firmware, Alienware Area-51 R5 and 1 more | 2025-05-16 | 7.5 High |
| Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2024-30090 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-16 | 7 High |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-35250 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-16 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2025-4059 | 1 Code-projects | 1 Prison Management System | 2025-05-15 | 5.3 Medium |
| A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3139 | 1 Fabian | 1 Bus Reservation System | 2025-05-15 | 5.3 Medium |
| A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24577 | 1 Libgit2 | 1 Libgit2 | 2025-05-15 | 8.6 High |
| libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | ||||
| CVE-2022-25662 | 1 Qualcomm | 156 Apq8096au, Apq8096au Firmware, Msm8996au and 153 more | 2025-05-15 | 5.3 Medium |
| Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-32491 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2025-05-15 | 4.1 Medium |
| Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. | ||||
| CVE-2022-38690 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 5.5 Medium |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
| CVE-2022-25661 | 1 Qualcomm | 196 Aqt1000, Aqt1000 Firmware, Ar8035 and 193 more | 2025-05-15 | 8.4 High |
| Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2025-31234 | 2025-05-15 | 8.2 High | ||
| The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2022-41199 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-05-15 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2025-31204 | 1 Redhat | 4 Enterprise Linux, Rhel Aus, Rhel E4s and 1 more | 2025-05-15 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-31257 | 1 Redhat | 1 Enterprise Linux | 2025-05-15 | 4.7 Medium |
| This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-1587 | 1 Razormist | 1 Telecom Billing Management System | 2025-05-14 | 5.3 Medium |
| A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonenumber leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||