Total
312872 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8938 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9003 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2025-10-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-7932 | 1 Dlink | 2 Dir-817l, Dir-817l Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7836 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-33058 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-10-03 | N/A | 7.5 HIGH |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | |||||
| CVE-2024-33035 | 1 Qualcomm | 180 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 177 more | 2025-10-03 | N/A | 8.4 HIGH |
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | |||||
| CVE-2024-33016 | 1 Qualcomm | 666 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 663 more | 2025-10-03 | N/A | 6.8 MEDIUM |
| memory corruption when an invalid firehose patch command is invoked. | |||||
| CVE-2025-56769 | 1 Hutool | 1 Hutool | 2025-10-03 | N/A | 6.5 MEDIUM |
| An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class. | |||||
| CVE-2024-23365 | 1 Qualcomm | 96 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 93 more | 2025-10-03 | N/A | 8.4 HIGH |
| Memory corruption while releasing shared resources in MinkSocket listener thread. | |||||
| CVE-2024-23364 | 1 Qualcomm | 358 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 355 more | 2025-10-03 | N/A | 7.5 HIGH |
| Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). | |||||
| CVE-2024-23362 | 1 Qualcomm | 464 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 461 more | 2025-10-03 | N/A | 7.1 HIGH |
| Cryptographic issue while parsing RSA keys in COBR format. | |||||
| CVE-2024-23358 | 1 Qualcomm | 106 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 103 more | 2025-10-03 | N/A | 7.5 HIGH |
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. | |||||
| CVE-2024-23359 | 1 Qualcomm | 322 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 319 more | 2025-10-03 | N/A | 8.2 HIGH |
| Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. | |||||
| CVE-2025-29155 | 1 Smartbear | 1 Swagger Petstore | 2025-10-03 | N/A | 6.5 MEDIUM |
| An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint | |||||
| CVE-2025-21438 | 1 Qualcomm | 86 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 83 more | 2025-10-03 | N/A | 7.8 HIGH |
| Memory corruption while IOCTL call is invoked from user-space to read board data. | |||||
| CVE-2025-11049 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-10954 | 1 Textit | 1 Phonenumbers | 2025-10-03 | N/A | 5.3 MEDIUM |
| Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". | |||||
| CVE-2025-11050 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-8014 | 1 Gitlab | 1 Gitlab | 2025-10-03 | N/A | 7.5 HIGH |
| Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption. | |||||