Total
314695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11971 | 1 Gitlab | 1 Gitlab | 2025-10-28 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits. | |||||
| CVE-2023-33107 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8017 and 481 more | 2025-10-28 | N/A | 8.4 HIGH |
| Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||||
| CVE-2024-43047 | 1 Qualcomm | 128 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6800 and 125 more | 2025-10-28 | N/A | 7.8 HIGH |
| Memory corruption while maintaining memory maps of HLOS memory. | |||||
| CVE-2020-11261 | 1 Qualcomm | 798 Apq8009, Apq8009 Firmware, Apq8009w and 795 more | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-22071 | 1 Qualcomm | 180 Apq8053, Apq8053 Firmware, Ar8031 and 177 more | 2025-10-28 | 7.2 HIGH | 8.4 HIGH |
| Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-1905 | 1 Qualcomm | 792 Apq8009, Apq8009 Firmware, Apq8009w and 789 more | 2025-10-28 | 7.2 HIGH | 8.4 HIGH |
| Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1906 | 1 Qualcomm | 800 Apq8009, Apq8009 Firmware, Apq8009w and 797 more | 2025-10-28 | 2.1 LOW | 6.2 MEDIUM |
| Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2023-21492 | 1 Samsung | 1 Android | 2025-10-28 | N/A | 4.4 MEDIUM |
| Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | |||||
| CVE-2023-20867 | 3 Debian, Fedoraproject, Vmware | 3 Debian Linux, Fedora, Tools | 2025-10-28 | N/A | 3.9 LOW |
| A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | |||||
| CVE-2023-20887 | 1 Vmware | 1 Aria Operations For Networks | 2025-10-28 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | |||||
| CVE-2025-11974 | 1 Gitlab | 1 Gitlab | 2025-10-28 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints. | |||||
| CVE-2025-6601 | 1 Gitlab | 1 Gitlab | 2025-10-28 | N/A | 2.7 LOW |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow. | |||||
| CVE-2025-11989 | 1 Gitlab | 1 Gitlab | 2025-10-28 | N/A | 3.7 LOW |
| GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions. | |||||
| CVE-2022-24706 | 1 Apache | 1 Couchdb | 2025-10-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. | |||||
| CVE-2022-2586 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-10-28 | N/A | 5.3 MEDIUM |
| It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | |||||
| CVE-2025-59273 | 1 Microsoft | 1 Azure Event Grid | 2025-10-28 | N/A | 7.3 HIGH |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-11248 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-28 | N/A | 3.2 LOW |
| ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token. | |||||
| CVE-2025-55315 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2025-10-28 | N/A | 9.9 CRITICAL |
| Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-1038 | 2025-10-28 | N/A | N/A | ||
| The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device. | |||||
| CVE-2025-1037 | 2025-10-28 | N/A | N/A | ||
| By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context. | |||||