Latest CVE Feed
-
6.7
MEDIUMCVE-2025-47335
Memory corruption while parsing clock configuration data for a specific hardware type.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcs6490_firmware wcd9370_firmware wcd9375_firmware wsa8832_firmware +80 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-20802
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS1023... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47336
Memory corruption while performing sensor register read operations.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware wcd9395_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wsa8830 wsa8835 +26 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-14625
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime... Read more
- Published: Jan. 07, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Path Traversal
-
6.7
MEDIUMCVE-2026-20968
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.... Read more
Affected Products : android- Published: Jan. 09, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink... Read more
Affected Products : pnpm- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Path Traversal
-
6.7
MEDIUMCVE-2025-20782
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47334
Memory corruption while processing shared command buffer packet between camera userspace and kernel.... Read more
Affected Products : qca6391_firmware qca6595au_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware +282 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2026-23885
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribu... Read more
Affected Products : alchemy_cms- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2026-21493
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2025-47333
Memory corruption while handling buffer mapping operations in the cryptographic driver.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware +468 more products- Published: Jan. 07, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2026-0496
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the applica... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2026-1788
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2026-24905
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of th... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2025-46684
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tamp... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, pot... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
6.6
MEDIUMCVE-2026-22791
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host p... Read more
Affected Products : opencryptoki- Published: Jan. 13, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, whi... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24630
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.8.... Read more
Affected Products : stylish_cost_calculator- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68009
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization