Search

Search Results (314850 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27040 1 Qualcomm 131 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 128 more 2025-10-21 6.5 Medium
Information disclosure may occur while processing the hypervisor log.
CVE-2025-27059 1 Qualcomm 51 Immersive Home 214 Platform, Immersive Home 214 Platform Firmware, Immersive Home 216 Platform and 48 more 2025-10-21 8.8 High
Memory corruption while performing SCM call.
CVE-2025-27060 1 Qualcomm 51 Immersive Home 214 Platform, Immersive Home 214 Platform Firmware, Immersive Home 216 Platform and 48 more 2025-10-21 8.8 High
Memory corruption while performing SCM call with malformed inputs.
CVE-2025-35059 1 Newforma 2 Newforma Info Exchange, Project Center Server 2025-10-21 4.3 Medium
Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
CVE-2025-47342 1 Qualcomm 17 Qcc5161, Qcc5161 Firmware, Qcc7225 and 14 more 2025-10-21 7.1 High
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.
CVE-2025-47347 2 Qnx, Qualcomm 76 Qnx, Qam8255p, Qam8255p Firmware and 73 more 2025-10-21 7.8 High
Memory corruption while processing control commands in the virtual memory management interface.
CVE-2025-46707 3 Google, Imaginationtech, Linux 3 Android, Ddk, Linux Kernel 2025-10-21 5.2 Medium
Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
CVE-2025-35058 1 Newforma 2 Newforma Info Exchange, Project Center Server 2025-10-21 5.9 Medium
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account.
CVE-2025-62595 2025-10-21 4.3 Medium
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation incorrectly treats some specially crafted URLs as safe relative paths. Exploiting this vulnerability could allow attackers to perform phishing, social engineering, or other redirect-based attacks on users of affected applications. This issue has been patched in version 3.0.3.
CVE-2025-46708 3 Google, Imaginationtech, Linux 3 Android, Ddk, Linux Kernel 2025-10-21 4.3 Medium
Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
CVE-2025-62518 2025-10-21 8.1 High
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
CVE-2025-62598 2025-10-21 N/A
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
CVE-2025-62597 2025-10-21 N/A
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
CVE-2025-32946 1 Framasoft 1 Peertube 2025-10-21 5.3 Medium
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.
CVE-2025-46710 1 Imaginationtech 1 Ddk 2025-10-21 5.7 Medium
Possible kernel exceptions caused by reading and writing kernel heap data after free.
CVE-2025-32947 1 Framasoft 1 Peertube 2025-10-21 7.5 High
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
CVE-2025-32948 1 Framasoft 1 Peertube 2025-10-21 7.5 High
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.
CVE-2025-32949 1 Framasoft 1 Peertube 2025-10-21 6.5 Medium
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. The yauzl library does not contain any mechanism to detect or prevent extraction of a Zip Bomb https://en.wikipedia.org/wiki/Zip_bomb . Therefore, when using the User Import functionality with a Zip Bomb, PeerTube will try extracting the archive which will cause a disk space resource exhaustion.
CVE-2025-22166 2025-10-21 N/A
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25 Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7 Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2 See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.
CVE-2025-46397 2 Fig2dev Project, Redhat 2 Fig2dev, Enterprise Linux 2025-10-21 4.7 Medium
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function.