Export limit exceeded: 42502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59028 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 5.3 Medium |
| When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known. | ||||
| CVE-2026-34475 | 1 Varnish-software | 1 Varnish Cache | 2026-03-30 | 5.4 Medium |
| Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass. | ||||
| CVE-2026-20429 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. | ||||
| CVE-2026-20424 | 2 Google, Mediatek | 6 Android, Mt6991, Mt6993 and 3 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540. | ||||
| CVE-2026-20440 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824. | ||||
| CVE-2026-20436 | 1 Mediatek | 8 Mt7902, Mt7920, Mt7921 and 5 more | 2026-03-30 | 6.7 Medium |
| In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970. | ||||
| CVE-2025-20807 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-03-30 | 6.7 Medium |
| In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451. | ||||
| CVE-2025-20803 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-03-30 | 6.7 Medium |
| In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504. | ||||
| CVE-2025-20797 | 2 Google, Mediatek | 35 Android, Mt2718, Mt6765 and 32 more | 2026-03-30 | 7.8 High |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534. | ||||
| CVE-2025-20796 | 2 Google, Mediatek | 4 Android, Mt6989, Mt8796 and 1 more | 2026-03-30 | 7.8 High |
| In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553. | ||||
| CVE-2025-20794 | 2 Mediatek, Mediatk | 87 Mt2735, Mt2737, Mt6813 and 84 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847. | ||||
| CVE-2026-20413 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-03-30 | 6.7 Medium |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694. | ||||
| CVE-2026-20408 | 2 Mediatek, Openwrt | 8 Mt6890, Mt7615, Mt7915 and 5 more | 2026-03-30 | 8.8 High |
| In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758. | ||||
| CVE-2026-20421 | 1 Mediatek | 16 Mt2735, Mt6833, Mt6853 and 13 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922. | ||||
| CVE-2026-20420 | 1 Mediatek | 40 Mt2735, Mt2737, Mt6813 and 37 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935. | ||||
| CVE-2026-4427 | 1 Redhat | 11 Advanced Cluster Management For Kubernetes, Advanced Cluster Security, Enterprise Linux and 8 more | 2026-03-30 | 7.5 High |
| Duplicate of CVE-2026-32286 | ||||
| CVE-2026-25783 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2026-03-30 | 4.3 Medium |
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586 | ||||
| CVE-2026-4276 | 1 Librechat | 1 Rag Api | 2026-03-29 | 7.5 High |
| LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries. | ||||
| CVE-2026-23262 | 1 Linux | 1 Linux Kernel | 2026-03-29 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size of the NIC's stats. When the number of queues is changed, the driver's stats region is resized. If the queue count is increased, the NIC can write past the end of the allocated stats region, causing memory corruption. If the queue count is decreased, there is a gap between the driver and NIC stats, leading to incorrect stats reporting. This change fixes the issue by allocating stats region with maximum size, and the offset calculation for NIC stats is changed to match with the calculation of the NIC. | ||||
| CVE-2026-33147 | 2 Generic-mapping-tools, Genericmappingtools | 2 Gmt, Gmt | 2026-03-29 | 7.3 High |
| GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49. | ||||