Total
13297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14656 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-0050 | 1 Arm | 3 5th Gen Gpu Architecture Userspace Driver, Bifrost Gpu Userspace Driver, Valhall Gpu Userspace Driver | 2025-12-18 | N/A | 5.9 MEDIUM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0. | |||||
| CVE-2017-9048 | 1 Xmlsoft | 1 Libxml2 | 2025-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. | |||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2025-12-17 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2025-43539 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 8.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption. | |||||
| CVE-2025-43447 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2025-12-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2025-43441 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2025-12-17 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43435 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43433 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43431 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43429 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 4.3 MEDIUM |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43425 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43424 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-17 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash. | |||||
| CVE-2025-43398 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-12-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-43373 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.5 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2025-43343 | 3 Apple, Webkitgtk, Wpewebkit | 9 Ipados, Iphone Os, Macos and 6 more | 2025-12-17 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2024-22391 | 2 Fedoraproject, Malaterre | 2 Fedora, Grassroots Dicom | 2025-12-16 | N/A | 7.7 HIGH |
| A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-22373 | 2 Fedoraproject, Malaterre | 2 Fedora, Grassroots Dicom | 2025-12-16 | N/A | 8.1 HIGH |
| An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-14569 | 2025-12-15 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||