CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-47397 Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. | 7.8 | HIGH | — | 0 |
| CVE-2025-47366 Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. | 7.1 | HIGH | — | 0 |
| CVE-2025-47364 Memory corruption while calculating offset from partition start point. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47363 Memory corruption when calculating oversized partition sizes without proper checks. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47359 Memory Corruption when multiple threads simultaneously access a memory free API. | 7.8 | HIGH | — | 0 |
| CVE-2025-47358 Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | 7.8 | HIGH | — | 0 |
| CVE-2025-15395 IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14914 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading ... | 7.6 | HIGH | — | 0 |
| CVE-2026-1703 When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dire... | N/A | NONE | — | 0 |
| CVE-2022-50981 An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50980 An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-50979 An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | 6.5 | MEDIUM | — | 0 |
| CVE-2022-50978 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | 7.5 | HIGH | — | 0 |
| CVE-2022-50977 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | 7.5 | HIGH | — | 0 |
| CVE-2022-50976 A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. | 7.7 | HIGH | — | 0 |
| CVE-2022-50975 An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled. | 8.8 | HIGH | — | 0 |
| CVE-2026-24071 It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploite... | 7.8 | HIGH | — | 0 |
| CVE-2026-24070 During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication l... | 8.8 | HIGH | — | 0 |
| CVE-2026-1761 A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit ... | 8.6 | HIGH | — | 0 |
| CVE-2026-1760 A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive heade... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1186 EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outs... | N/A | NONE | — | 0 |
| CVE-2026-1757 A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-8587 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affect... | 8.6 | HIGH | — | 0 |
| CVE-2026-0599 A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The iss... | N/A | NONE | — | 0 |
| CVE-2025-7105 A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid gr... | N/A | NONE | — | 0 |
| CVE-2025-6208 The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-sp... | N/A | NONE | — | 0 |
| CVE-2025-10279 In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with writ... | N/A | NONE | — | 0 |
| CVE-2024-5986 A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-con... | N/A | NONE | — | 0 |
| CVE-2024-5386 In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's acc... | 8.8 | HIGH | — | 0 |
| CVE-2024-4147 In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-2356 A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reins... | N/A | NONE | — | 0 |
| CVE-2026-1751 A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain con... | 3.1 | LOW | — | 0 |
| CVE-2026-1117 A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event h... | N/A | NONE | — | 0 |
| CVE-2024-54263 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affects Spir... | 7.5 | HIGH | — | 0 |
| CVE-2026-20422 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20421 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20420 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20419 In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution pri... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20418 In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20417 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20415 In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20414 In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User inte... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20413 In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20412 In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us... | 7.8 | HIGH | — | 0 |
| CVE-2026-20411 In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interac... | 7.8 | HIGH | — | 0 |
| CVE-2026-20410 In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20409 In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User ... | 7.8 | HIGH | — | 0 |
| CVE-2026-20408 In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. Us... | 8.8 | HIGH | — | 0 |
| CVE-2026-20407 In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction ... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-20406 In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no ... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.