Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26582 | 1 Linux | 1 Linux Kernel | 2025-11-04 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb. | |||||
| CVE-2024-25736 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request. | |||||
| CVE-2024-25735 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | N/A | 9.1 CRITICAL |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. | |||||
| CVE-2024-25734 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts. | |||||
| CVE-2024-25711 | 2 Fedoraproject, Reproducible Builds | 2 Fedora, Diffoscope | 2025-11-04 | N/A | 7.5 HIGH |
| diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted. | |||||
| CVE-2024-25580 | 1 Qt | 1 Qt | 2025-11-04 | N/A | 6.2 MEDIUM |
| An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | |||||
| CVE-2024-25446 | 1 Hugin Project | 1 Hugin | 2025-11-04 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25445 | 1 Hugin Project | 1 Hugin | 2025-11-04 | N/A | 7.8 HIGH |
| Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | |||||
| CVE-2024-25443 | 1 Hugin Project | 1 Hugin | 2025-11-04 | N/A | 7.8 HIGH |
| An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | |||||
| CVE-2024-25442 | 1 Hugin Project | 1 Hugin | 2025-11-04 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25395 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 8.8 HIGH |
| A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25394 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 4.3 MEDIUM |
| A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | |||||
| CVE-2024-25393 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 9.8 CRITICAL |
| A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25392 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 5.9 MEDIUM |
| An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25391 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 8.4 HIGH |
| A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25390 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 8.4 HIGH |
| A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25389 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 7.5 HIGH |
| RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. | |||||
| CVE-2024-25388 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | N/A | 8.4 HIGH |
| drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. | |||||
| CVE-2024-25228 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | N/A | 8.8 HIGH |
| Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. | |||||
| CVE-2024-25082 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-11-04 | N/A | 6.5 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. | |||||