Total
2602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27052 | 1 Qualcomm | 312 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 309 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing data packets in diag received from Unix clients. | |||||
| CVE-2023-43556 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 133 more | 2025-08-11 | N/A | 8.8 HIGH |
| Memory corruption in Hypervisor when platform information mentioned is not aligned. | |||||
| CVE-2024-53027 | 1 Qualcomm | 424 205, 205 Firmware, Apq8017 and 421 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS may occur while processing the country IE. | |||||
| CVE-2023-33068 | 1 Qualcomm | 226 9206 Lte Modem, 9206 Lte Modem Firmware, Aqt1000 and 223 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Audio while processing IIR config data from AFE calibration block. | |||||
| CVE-2023-33085 | 1 Qualcomm | 210 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 207 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in wearables while processing data from AON. | |||||
| CVE-2023-28579 | 1 Qualcomm | 68 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 65 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. | |||||
| CVE-2025-27043 | 1 Qualcomm | 412 Ar8035, Ar8035 Firmware, Csr8811 and 409 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing manipulated payload in video firmware. | |||||
| CVE-2023-28546 | 1 Qualcomm | 560 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 557 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory Corruption in SPS Application while exporting public key in sorter TA. | |||||
| CVE-2023-43542 | 1 Qualcomm | 418 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 415 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | |||||
| CVE-2023-33069 | 1 Qualcomm | 226 9206 Lte Modem, 9206 Lte Modem Firmware, Aqt1000 and 223 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Audio while processing the calibration data returned from ACDB loader. | |||||
| CVE-2023-33077 | 1 Qualcomm | 192 Aqt1000, Aqt1000 Firmware, Ar8035 and 189 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in HLOS while converting from authorization token to HIDL vector. | |||||
| CVE-2023-33017 | 1 Qualcomm | 554 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 551 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | |||||
| CVE-2023-33072 | 1 Qualcomm | 490 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 487 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Core while processing control functions. | |||||
| CVE-2024-21480 | 1 Qualcomm | 230 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 227 more | 2025-08-11 | N/A | 9.8 CRITICAL |
| Memory corruption while playing audio file having large-sized input buffer. | |||||
| CVE-2023-28539 | 1 Qualcomm | 314 Ar8035, Ar8035 Firmware, Ar9380 and 311 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | |||||
| CVE-2025-8736 | 2025-08-08 | N/A | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2017 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | N/A |
| Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25240. | |||||
| CVE-2025-8170 | 1 Totolink | 2 T6, T6 Firmware | 2025-08-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5305 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921. | |||||
| CVE-2025-8160 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-05 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||