Total
336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20420 | 1 Mediatek | 40 Mt2735, Mt2737, Mt6813 and 37 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
|
|||||
| CVE-2026-20406 | 1 Mediatek | 56 Mt2735, Mt2737, Mt6813 and 53 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
|
|||||
| CVE-2026-20405 | 1 Mediatek | 56 Mt2735, Mt2737, Mt6813 and 53 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
|
|||||
| CVE-2026-20404 | 1 Mediatek | 56 Mt2735, Mt2737, Mt6813 and 53 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
|
|||||
| CVE-2026-20403 | 1 Mediatek | 46 Mt2735, Mt2737, Mt6813 and 43 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
|
|||||
| CVE-2026-20402 | 1 Mediatek | 20 Mt2735, Mt6833, Mt6853 and 17 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.
|
|||||
| CVE-2026-20401 | 1 Mediatek | 20 Mt2735, Mt6833, Mt6853 and 17 more | 2026-02-17 | N/A | 7.5 HIGH |
|
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.
|
|||||
| CVE-2025-40905 | 2026-02-17 | N/A | 7.3 HIGH | ||
|
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
|
|||||
| CVE-2025-20794 | 1 Mediatek | 54 Mt2735, Mt2737, Mt6813 and 51 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
|
|||||
| CVE-2025-20793 | 1 Mediatek | 53 Mt2735, Mt2737, Mt6813 and 50 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
|
|||||
| CVE-2025-20791 | 1 Mediatek | 26 Mt2735, Mt6833, Mt6833p and 23 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.
|
|||||
| CVE-2025-20762 | 1 Mediatek | 16 Mt6835, Mt6835t, Mt6878 and 13 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.
|
|||||
| CVE-2025-20761 | 1 Mediatek | 58 Mt2735, Mt2737, Mt6833 and 55 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.
|
|||||
| CVE-2025-20760 | 1 Mediatek | 51 Mt2735, Mt2737, Mt6833 and 48 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.
|
|||||
| CVE-2025-20757 | 1 Mediatek | 26 Mt2735, Mt6833, Mt6833p and 23 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.
|
|||||
| CVE-2025-20756 | 1 Mediatek | 38 Mt2735, Mt6833, Mt6833p and 35 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
|
|||||
| CVE-2025-20752 | 1 Mediatek | 49 Mt2735, Mt2737, Mt6813 and 46 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
|
|||||
| CVE-2025-20751 | 1 Mediatek | 26 Mt2735, Mt6833, Mt6833p and 23 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661195; Issue ID: MSV-4297.
|
|||||
| CVE-2025-20750 | 1 Mediatek | 26 Mt2735, Mt6833, Mt6833p and 23 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.
|
|||||
| CVE-2025-20708 | 1 Mediatek | 63 Mt2735, Mt2737, Mt6813 and 60 more | 2026-02-17 | N/A | 8.8 HIGH |
|
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131.
|
|||||
| CVE-2025-20704 | 1 Mediatek | 16 Mt6813, Mt6835, Mt6835t and 13 more | 2026-02-17 | N/A | 8.0 HIGH |
|
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.
|
|||||
| CVE-2025-20703 | 1 Mediatek | 62 Mt2735, Mt2737, Mt6813 and 59 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.
|
|||||
| CVE-2025-20678 | 1 Mediatek | 94 Lr12a, Lr13, Mt6739 and 91 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
|
|||||
| CVE-2025-20670 | 1 Mediatek | 46 Mt2737, Mt6813, Mt6835 and 43 more | 2026-02-17 | N/A | 5.7 MEDIUM |
|
In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.
|
|||||
| CVE-2025-20667 | 1 Mediatek | 88 Lr12a, Lr13, Mt2735 and 85 more | 2026-02-17 | N/A | 7.5 HIGH |
|
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
|
|||||
| CVE-2025-20666 | 1 Mediatek | 31 Mt2735, Mt6833, Mt6833p and 28 more | 2026-02-17 | N/A | 7.5 HIGH |
|
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
|
|||||
| CVE-2025-20659 | 1 Mediatek | 170 Mt2735, Mt2735 Firmware, Mt2737 and 167 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.
|
|||||
| CVE-2025-20647 | 1 Mediatek | 77 Mt2735, Mt2737, Mt6739 and 74 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.
|
|||||
| CVE-2025-20644 | 1 Mediatek | 41 Mt2735, Mt2737, Mt6833 and 38 more | 2026-02-17 | N/A | 6.5 MEDIUM |
|
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.
|
|||||
| CVE-2025-20634 | 1 Mediatek | 32 Mt2737, Mt6813, Mt6835 and 29 more | 2026-02-17 | N/A | 9.8 CRITICAL |
|
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
|
|||||
| CVE-2024-20154 | 1 Mediatek | 56 Lr12a, Lr13, Mt2735 and 53 more | 2026-02-17 | N/A | 8.8 HIGH |
|
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
|
|||||
| CVE-2026-24323 | 1 Sap | 3 Document Management System, Erp, S4core | 2026-02-17 | N/A | 6.1 MEDIUM |
|
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
|
|||||
| CVE-2026-25478 | 1 Litestar | 1 Litestar | 2026-02-17 | N/A | 7.4 HIGH |
|
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match unexpectedly. The check relies on allowed_origins_regex.fullmatch(origin). This vulnerability is fixed in 2.20.0.
|
|||||
| CVE-2026-24324 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2026-02-17 | N/A | 6.5 MEDIUM |
|
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.
|
|||||
| CVE-2026-24325 | 1 Sap | 1 Businessobjects Enterprise | 2026-02-17 | N/A | 4.8 MEDIUM |
|
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application.
|
|||||
| CVE-2025-64781 | 1 Groupsession | 1 Groupsession | 2026-02-17 | N/A | 4.7 MEDIUM |
|
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.
|
|||||
| CVE-2026-25479 | 1 Litestar | 1 Litestar | 2026-02-17 | N/A | 6.5 MEDIUM |
|
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0.
|
|||||
| CVE-2026-24326 | 1 Sap | 1 S\/4hana Defense \& Security | 2026-02-17 | N/A | 4.3 MEDIUM |
|
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application.
|
|||||
| CVE-2026-25480 | 1 Litestar | 1 Litestar | 2026-02-17 | N/A | 6.5 MEDIUM |
|
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via crafted paths, causing one URL to serve cached responses of another (cache poisoning/mixup). This vulnerability is fixed in 2.20.0.
|
|||||
| CVE-2026-24327 | 1 Sap | 1 Strategic Enterprise Management | 2026-02-17 | N/A | 4.3 MEDIUM |
|
Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.
|
|||||