Total
312721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42261 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3) | |||||
| CVE-2024-42265 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path. | |||||
| CVE-2024-42267 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel. | |||||
| CVE-2025-26258 | 1 Remyandrade | 1 Employee Management System | 2025-10-03 | N/A | 6.1 MEDIUM |
| Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.' | |||||
| CVE-2025-61733 | 1 Apache | 1 Kylin | 2025-10-03 | N/A | 7.5 HIGH |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue. | |||||
| CVE-2025-61734 | 1 Apache | 1 Kylin | 2025-10-03 | N/A | 7.5 HIGH |
| Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue. | |||||
| CVE-2025-61735 | 1 Apache | 1 Kylin | 2025-10-03 | N/A | 7.3 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue. | |||||
| CVE-2025-8937 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8938 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9003 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2025-10-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-7932 | 1 Dlink | 2 Dir-817l, Dir-817l Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7836 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-33058 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-10-03 | N/A | 7.5 HIGH |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | |||||
| CVE-2024-33035 | 1 Qualcomm | 180 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 177 more | 2025-10-03 | N/A | 8.4 HIGH |
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | |||||
| CVE-2024-33016 | 1 Qualcomm | 666 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 663 more | 2025-10-03 | N/A | 6.8 MEDIUM |
| memory corruption when an invalid firehose patch command is invoked. | |||||
| CVE-2025-56769 | 1 Hutool | 1 Hutool | 2025-10-03 | N/A | 6.5 MEDIUM |
| An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class. | |||||
| CVE-2024-23365 | 1 Qualcomm | 96 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 93 more | 2025-10-03 | N/A | 8.4 HIGH |
| Memory corruption while releasing shared resources in MinkSocket listener thread. | |||||
| CVE-2024-23364 | 1 Qualcomm | 358 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 355 more | 2025-10-03 | N/A | 7.5 HIGH |
| Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). | |||||
| CVE-2024-23362 | 1 Qualcomm | 464 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 461 more | 2025-10-03 | N/A | 7.1 HIGH |
| Cryptographic issue while parsing RSA keys in COBR format. | |||||
| CVE-2024-23358 | 1 Qualcomm | 106 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 103 more | 2025-10-03 | N/A | 7.5 HIGH |
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. | |||||