Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0037 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
|
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-0035 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
|
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-0032 | 1 Google | 1 Android | 2026-03-06 | N/A | 7.8 HIGH |
|
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-0030 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
|
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-0010 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
|
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-32313 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
|
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-3382 | 1 Chaiscript | 1 Chaiscript | 2026-03-05 | 1.7 LOW | 3.3 LOW |
|
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3537 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | N/A | 8.8 HIGH |
|
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2026-3544 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | N/A | 8.8 HIGH |
|
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-28552 | 1 Huawei | 2 Emui, Harmonyos | 2026-03-05 | N/A | 6.5 MEDIUM |
|
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2026-27622 | 1 Openexr | 1 Openexr | 2026-03-05 | N/A | 7.8 HIGH |
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption procee ...
Show More |
|||||
| CVE-2026-20023 | 2026-03-05 | N/A | 6.1 MEDIUM | ||
|
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to memory corruption when parsing OSPF protocol packets. An attacker could exploit this vulnerability by sending crafted OSPF packets to an affected device. A successful ...
Show More |
|||||
| CVE-2026-20067 | 2026-03-05 | N/A | 5.8 MEDIUM | ||
|
Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.
This vulnerability is due to incomplete error checking when parsing the Multicast DNS fields of the HTTP header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. ...
Show More |
|||||
| CVE-2026-1678 | 2026-03-05 | N/A | 9.4 CRITICAL | ||
|
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
|
|||||
| CVE-2025-70240 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
|
|||||
| CVE-2025-70241 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
|
|||||
| CVE-2025-70239 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
|
|||||
| CVE-2025-70237 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
|
|||||
| CVE-2025-70236 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
|
|||||
| CVE-2025-70234 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
|
|||||
| CVE-2026-3342 | 1 Watchguard | 39 Firebox M270, Firebox M290, Firebox M295 and 36 more | 2026-03-04 | N/A | 7.2 HIGH |
|
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.
This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
|
|||||
| CVE-2025-47373 | 1 Qualcomm | 376 Ar8035, Ar8035 Firmware, Cologne and 373 more | 2026-03-04 | N/A | 7.8 HIGH |
|
Memory Corruption when accessing buffers with invalid length during TA invocation.
|
|||||
| CVE-2026-3094 | 2026-03-04 | N/A | 7.8 HIGH | ||
|
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2025-66945 | 1 Zdir | 1 Zdir | 2026-03-04 | N/A | 9.1 CRITICAL |
|
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution
|
|||||
| CVE-2025-59603 | 1 Qualcomm | 58 Cologne, Cologne Firmware, Fastconnect 6900 and 55 more | 2026-03-04 | N/A | 7.8 HIGH |
|
Memory Corruption when processing invalid user address with nonstandard buffer address.
|
|||||
| CVE-2026-3408 | 1 Openbabel | 1 Open Babel | 2026-03-04 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.
|
|||||
| CVE-2026-3400 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-20423 | 1 Mediatek | 7 Mt7902, Mt7920, Mt7921 and 4 more | 2026-03-03 | N/A | 7.8 HIGH |
|
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.
|
|||||
| CVE-2026-20416 | 2 Google, Mediatek | 5 Android, Mt6991, Mt6993 and 2 more | 2026-03-03 | N/A | 7.2 HIGH |
|
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.
|
|||||
| CVE-2026-20425 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
|
|||||
| CVE-2026-20426 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.
|
|||||
| CVE-2026-20427 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.
|
|||||
| CVE-2026-20428 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.
|
|||||
| CVE-2026-20440 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.
|
|||||
| CVE-2026-20441 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.
|
|||||
| CVE-2026-20444 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
|
|||||
| CVE-2026-20430 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7915, Mt7916 and 4 more | 2026-03-02 | N/A | 8.8 HIGH |
|
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151.
|
|||||
| CVE-2026-20434 | 1 Mediatek | 99 Lr12a, Lr13, Mt2735 and 96 more | 2026-03-02 | N/A | 7.5 HIGH |
|
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.
|
|||||
| CVE-2026-22716 | 2026-03-02 | N/A | 5.0 MEDIUM | ||
|
Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.
|
|||||
| CVE-2025-1924 | 1 Yokogawa | 2 Centum Vp, Vnet\/ip Interface Package | 2026-03-02 | N/A | 8.2 HIGH |
|
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
|
|||||