Export limit exceeded: 20535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 41692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41692 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14187 | 1 Ugreen | 1 Dh2100+ | 2026-01-28 | 7.2 High |
| A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2026-01-27 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2025-47334 | 1 Qualcomm | 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | ||||
| CVE-2025-47335 | 1 Qualcomm | 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while parsing clock configuration data for a specific hardware type. | ||||
| CVE-2026-1465 | 1 Anyrtcio-community | 1 Anyrtc-rtmp-opensource | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0. | ||||
| CVE-2026-1464 | 1 Muntashirakon | 1 Appmanager | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4. | ||||
| CVE-2026-24794 | 1 Cardboardpowered | 1 Cardboard | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4. | ||||
| CVE-2026-24796 | 1 Cloverhackycolor | 1 Cloverbootloader | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162. | ||||
| CVE-2026-24798 | 1 Gaijinentertainment | 1 Dagorengine | 2026-01-27 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15. | ||||
| CVE-2025-14017 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-27 | 6.3 Medium |
| When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | ||||
| CVE-2026-24808 | 1 Rawtherapee | 1 Rawtherapee | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11. | ||||
| CVE-2026-24814 | 1 Swoole | 1 Swoole | 2026-01-27 | N/A |
| Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2. | ||||
| CVE-2026-24818 | 1 Praydog | 1 Uevr | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05. | ||||
| CVE-2025-59097 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via SOAP. The SOAP request is sent without any prior authentication or authorization by default. Though authentication and authorization can be configured using IPsec for 92xx-K5 devices and mTLS for 92xx-K7 devices, it is not enabled by default and must therefore be activated with additional steps. This insecure default allows an attacker with network level access to completely control the whole environment. An attacker is for example easily able to conduct the following tasks without prior authentication: - Re-configure Access Managers (e.g. remove alarming system requirements) - Freely re-configure the inputs and outputs - Open all connected doors permanently - Open all doors for a defined time interval - Change the admin password - and many more Network level access can be gained due to an insufficient network segmentation as well as missing LAN firewalls. Devices with an insecure configuration have been identified to be directly exposed to the internet. | ||||
| CVE-2025-59090 | 1 Dormakaba | 1 Kaba Exos 9300 | 2026-01-27 | N/A |
| On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards. | ||||
| CVE-2025-59108 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced. | ||||
| CVE-2025-59103 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with hardcoded and weak passwords that can be used to access the devices via SSH. The passwords can be also guessed very easily. The password of at least one user is set to a random value after the first deployment, with the restriction that the password is only randomized if the configured date is prior to 2022. Therefore, under certain circumstances, the passwords are not randomized. For example, if the clock is never set on the device, the battery of the clock module has been changed, the Access Manager has been factory reset and has not received a time yet. | ||||
| CVE-2025-59104 | 1 Dormakaba | 1 Access Manager | 2026-01-27 | N/A |
| With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through this vulnerability. | ||||
| CVE-2026-24829 | 1 Is-daouda | 1 Is-engine | 2026-01-27 | 6.5 Medium |
| Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4. | ||||
| CVE-2026-24820 | 1 Turanszkij | 1 Wickedengine | 2026-01-27 | N/A |
| Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705. | ||||