Total
336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47399 | 1 Qualcomm | 28 Cologne, Cologne Firmware, Fastconnect 7800 and 25 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
|
|||||
| CVE-2025-47398 | 1 Qualcomm | 306 Ar8031, Ar8031 Firmware, Csra6620 and 303 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
|
|||||
| CVE-2025-47397 | 1 Qualcomm | 294 Ar8031, Ar8031 Firmware, Csra6620 and 291 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
|
|||||
| CVE-2026-1739 | 1 Free5gc | 1 Pcf | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
|
|||||
| CVE-2026-1738 | 1 Open5gs | 1 Open5gs | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.
|
|||||
| CVE-2026-1737 | 1 Open5gs | 1 Open5gs | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.
|
|||||
| CVE-2026-1736 | 1 Open5gs | 1 Open5gs | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
|
|||||
| CVE-2025-47358 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
|
|||||
| CVE-2025-47359 | 1 Qualcomm | 74 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 71 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Memory Corruption when multiple threads simultaneously access a memory free API.
|
|||||
| CVE-2025-47363 | 1 Qualcomm | 70 Qam8255p, Qam8255p Firmware, Qam8295p and 67 more | 2026-02-11 | N/A | 6.8 MEDIUM |
|
Memory corruption when calculating oversized partition sizes without proper checks.
|
|||||
| CVE-2026-1734 | 1 Crmeb | 1 Crmeb | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-1733 | 1 Crmeb | 1 Crmeb | 2026-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2021-47919 | 1 Simplephpscripts | 1 Simple Cms Php | 2026-02-11 | N/A | 6.4 MEDIUM |
|
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
|
|||||
| CVE-2021-47918 | 1 Simplephpscripts | 1 Simple Cms Php | 2026-02-11 | N/A | 8.1 HIGH |
|
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
|
|||||
| CVE-2021-47917 | 1 Simplephpscripts | 1 Simple Cms Php | 2026-02-11 | N/A | 6.4 MEDIUM |
|
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
|
|||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | N/A | 8.1 HIGH |
|
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
|
|||||
| CVE-2021-47914 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | N/A | 6.4 MEDIUM |
|
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
|
|||||
| CVE-2021-47913 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | N/A | 6.4 MEDIUM |
|
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
|
|||||
| CVE-2025-47364 | 1 Qualcomm | 70 Qam8255p, Qam8255p Firmware, Qam8295p and 67 more | 2026-02-11 | N/A | 6.8 MEDIUM |
|
Memory corruption while calculating offset from partition start point.
|
|||||
| CVE-2025-47366 | 1 Qualcomm | 318 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 315 more | 2026-02-11 | N/A | 7.1 HIGH |
|
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
|
|||||
| CVE-2025-70983 | 1 Bladex | 1 Springblade | 2026-02-11 | N/A | 9.9 CRITICAL |
|
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
|
|||||
| CVE-2026-21253 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-67264 | 1 Doogee | 6 Note59, Note59 Firmware, Note59 Pro and 3 more | 2026-02-11 | N/A | 7.8 HIGH |
|
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710
|
|||||
| CVE-2025-61506 | 1 Mediacrush | 1 Mediacrush | 2026-02-11 | N/A | 9.8 CRITICAL |
|
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
|
|||||
| CVE-2025-63372 | 2 Articentgroup, Microsoft | 2 Zip Rar Extractor Tool, Windows | 2026-02-11 | N/A | 4.3 MEDIUM |
|
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
|
|||||
| CVE-2025-63624 | 1 Sdkede | 2 Iot Smart Water Meter, Iot Smart Water Meter Firmware | 2026-02-11 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.
|
|||||
| CVE-2026-23565 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service.
|
|||||
| CVE-2025-52022 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 5.3 MEDIUM |
|
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
|
|||||
| CVE-2025-52023 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 5.3 MEDIUM |
|
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
|
|||||
| CVE-2026-23564 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
|
|||||
| CVE-2025-65875 | 1 Fpdf | 1 Fpdf | 2026-02-11 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
|||||
| CVE-2025-52025 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 9.4 CRITICAL |
|
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.
|
|||||
| CVE-2025-52024 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 9.4 CRITICAL |
|
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any ...
Show More |
|||||
| CVE-2025-58077 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code
via a specially crafted set of network packets containing an excessive number of host entries
This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||
| CVE-2025-58455 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||
| CVE-2025-59482 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||
| CVE-2025-59487 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Bui ...
Show More |
|||||
| CVE-2025-61944 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||
| CVE-2025-61983 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||
| CVE-2025-62404 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-02-11 | N/A | 8.0 HIGH |
|
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
|
|||||