Search Results (23152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0076 1 Google 1 Android 2026-06-02 7.8 High
In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-59609 1 Qualcomm 375 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 372 more 2026-06-02 5.5 Medium
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2026-41213 1 Node-oauth 2 Node-oauth2-server, Node-oauth\/oauth2-server 2026-06-02 5.9 Medium
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can brute-force code_verifier guesses online until token issuance succeeds.
CVE-2026-29013 1 Libcoap 1 Libcoap 2026-06-02 9.8 Critical
libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause out-of-bounds reads through integer wraparound in allocation size computation.
CVE-2026-10292 1 Utt 1 Hiper 1200gw 2026-06-02 8.8 High
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-7254 1 Ibm 1 Openbmc 2026-06-02 5.3 Medium
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
CVE-2025-59612 1 Qualcomm 63 Cologne, Cologne Firmware, Fastconnect 6700 and 60 more 2026-06-02 6.7 Medium
Memory corruption in windows drivers while sending incorrect trusted application request
CVE-2025-59613 1 Qualcomm 89 Cologne, Cologne Firmware, Fastconnect 6700 and 86 more 2026-06-02 6.7 Medium
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2026-24085 1 Qualcomm 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more 2026-06-02 7.2 High
Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2026-24087 1 Qualcomm 431 Ar8031, Ar8031 Firmware, Ar8035 and 428 more 2026-06-02 7.2 High
Memory corruption while processing fastboot OEM commands.
CVE-2026-24089 1 Qualcomm 439 Ar8031, Ar8031 Firmware, Ar8035 and 436 more 2026-06-02 7.2 High
Memory corruption while processing fastboot commands with invalid input.
CVE-2026-24091 1 Qualcomm 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more 2026-06-02 7.2 High
Memory corruption while processing fastboot commands with improperly formatted input.
CVE-2026-24092 1 Qualcomm 437 Ar8031, Ar8031 Firmware, Ar8035 and 434 more 2026-06-02 7.2 High
Memory Corruption when processing fastboot commands to set display mode.
CVE-2026-25258 1 Qualcomm 43 Cologne, Cologne Firmware, Fastconnect 6900 and 40 more 2026-06-02 7.8 High
Memory corruption while processing IOCTL calls for escape operations.
CVE-2026-25276 1 Qualcomm 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more 2026-06-02 8.8 High
Memory corruption while using Strongbox due to missing bounds check.
CVE-2026-25277 1 Qualcomm 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more 2026-06-02 8.8 High
Memory corruption while using Strongbox due to buffer overflow.
CVE-2026-10188 1 Tenda 2 W12, W12 Firmware 2026-06-02 8.8 High
A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-10187 1 Totolink 2 N300rh, N300rh Firmware 2026-06-02 9.8 Critical
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-10181 1 Trendnet 1 Tew-432brp 2026-06-02 8.8 High
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-37398 1 Asustor 1 Adm 2026-06-02 7.1 High
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.