Total
332484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2026-01-27 | N/A | 5.9 MEDIUM |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | |||||
| CVE-2024-1544 | 1 Wolfssl | 1 Wolfssl | 2026-01-27 | N/A | 4.1 MEDIUM |
| Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits. | |||||
| CVE-2025-47334 | 1 Qualcomm | 292 Csra6620, Csra6620 Firmware, Csra6640 and 289 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | |||||
| CVE-2025-47335 | 1 Qualcomm | 90 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 87 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while parsing clock configuration data for a specific hardware type. | |||||
| CVE-2025-47336 | 1 Qualcomm | 36 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 33 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while performing sensor register read operations. | |||||
| CVE-2025-47337 | 1 Qualcomm | 128 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 125 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while accessing a synchronization object during concurrent operations. | |||||
| CVE-2025-66518 | 1 Apache | 1 Kyuubi | 2026-01-27 | N/A | 8.8 HIGH |
| Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue. | |||||
| CVE-2025-14017 | 1 Haxx | 1 Curl | 2026-01-27 | N/A | 6.3 MEDIUM |
| When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | |||||
| CVE-2025-47339 | 1 Qualcomm | 370 Ar8035, Ar8035 Firmware, Ar9380 and 367 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while deinitializing a HDCP session. | |||||
| CVE-2025-47344 | 1 Qualcomm | 164 Csra6620, Csra6620 Firmware, Csra6640 and 161 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while handling sensor utility operations. | |||||
| CVE-2025-47345 | 1 Qualcomm | 210 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 207 more | 2026-01-27 | N/A | 8.4 HIGH |
| Cryptographic issue may occur while encrypting license data. | |||||
| CVE-2025-47346 | 1 Qualcomm | 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while processing a secure logging command in the trusted application. | |||||
| CVE-2026-24623 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0. | |||||
| CVE-2026-24528 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9. | |||||
| CVE-2026-24383 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6. | |||||
| CVE-2026-24354 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1. | |||||
| CVE-2026-23976 | 2026-01-27 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4. | |||||
| CVE-2026-22483 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12. | |||||
| CVE-2026-22470 | 2026-01-27 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11. | |||||
| CVE-2026-22463 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5. | |||||