Export limit exceeded: 337803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20780 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-03-30 | 7.8 High |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712. | ||||
| CVE-2025-20779 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-03-30 | 7.0 High |
| In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720. | ||||
| CVE-2025-20778 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-03-30 | 7.8 High |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729. | ||||
| CVE-2026-33530 | 1 Inventree | 1 Inventree | 2026-03-30 | 7.7 High |
| InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e.g. `/api/part/`, `/api/stock/`, `/api/order/so/allocation/`, and others) accept a filters parameter that is passed directly to Django's ORM queryset.filter(**filters) without any field allowlisting. This enables any authenticated user to traverse model relationships using Django's __ lookup syntax and perform blind boolean-based data extraction. This issue is patched in version 1.2.6, and 1.3.0 (or above). Users should update to the patched versions. No known workarounds are available. | ||||
| CVE-2025-20802 | 2 Google, Mediatek | 7 Android, Mt6991, Mt8196 and 4 more | 2026-03-30 | 6.7 Medium |
| In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914. | ||||
| CVE-2025-20800 | 2 Google, Mediatek | 7 Android, Mt2718, Mt6899 and 4 more | 2026-03-30 | 7.8 High |
| In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033. | ||||
| CVE-2025-20799 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-03-30 | 7.8 High |
| In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049. | ||||
| CVE-2025-20798 | 2 Google, Mediatek | 35 Android, Mt2718, Mt6765 and 32 more | 2026-03-30 | 7.8 High |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533. | ||||
| CVE-2025-20797 | 2 Google, Mediatek | 35 Android, Mt2718, Mt6765 and 32 more | 2026-03-30 | 7.8 High |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534. | ||||
| CVE-2025-20796 | 2 Google, Mediatek | 4 Android, Mt6989, Mt8796 and 1 more | 2026-03-30 | 7.8 High |
| In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553. | ||||
| CVE-2025-20760 | 1 Mediatek | 51 Mt2735, Mt2737, Mt6833 and 48 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653. | ||||
| CVE-2025-20761 | 2 Mediatek, Mediatk | 102 Mt2735, Mt2737, Mt6833 and 99 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655. | ||||
| CVE-2025-20762 | 1 Mediatek | 16 Mt6835, Mt6835t, Mt6878 and 13 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760. | ||||
| CVE-2025-20793 | 1 Mediatek | 53 Mt2735, Mt2737, Mt6813 and 50 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836. | ||||
| CVE-2025-20794 | 2 Mediatek, Mediatk | 87 Mt2735, Mt2737, Mt6813 and 84 more | 2026-03-30 | 6.5 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847. | ||||
| CVE-2025-20795 | 2 Google, Mediatek | 55 Android, Mt2718, Mt6580 and 52 more | 2026-03-30 | 7.8 High |
| In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141. | ||||
| CVE-2026-33496 | 1 Ory | 1 Oathkeeper | 2026-03-30 | 8.1 High |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators. | ||||
| CVE-2026-32857 | 1 Firecrawl | 1 Firecrawl | 2026-03-30 | 8.6 High |
| Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an externally valid URL that passes validation and returns an HTTP redirect to an internal or restricted resource, allowing the browser to follow the redirect and fetch the final destination without revalidation, thereby gaining access to internal network services and sensitive endpoints. This issue is distinct from CVE-2024-56800, which describes redirect-based SSRF generally. This vulnerability specifically arises from a post-redirect enforcement gap in implemented SSRF protections, where validation is applied only to the initial request and not to the final redirected destination. | ||||
| CVE-2026-33487 | 1 Russellhaering | 1 Goxmldsig | 2026-03-30 | 7.5 High |
| goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch. | ||||
| CVE-2025-32897 | 1 Apache | 1 Seata | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | ||||