Total
335251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54874 | 1 Uclouvain | 1 Openjpeg | 2026-02-26 | 9.8 Critical |
| OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized. | ||||
| CVE-2025-54253 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2026-02-26 | 10 Critical |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2026-02-26 | 6.3 Medium |
| Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-20708 | 1 Mediatek | 64 Modem, Mt2735, Mt2737 and 61 more | 2026-02-26 | 8.8 High |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131. | ||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2026-02-26 | 5.7 Medium |
| Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-20704 | 1 Mediatek | 16 Mt6813, Mt6835, Mt6835t and 13 more | 2026-02-26 | 8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502. | ||||
| CVE-2025-20705 | 4 Google, Linuxfoundation, Mediatek and 1 more | 43 Android, Yocto, Monitor Hang and 40 more | 2026-02-26 | 7.8 High |
| In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964. | ||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2026-02-26 | 5.7 Medium |
| Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-20706 | 2 Google, Mediatek | 7 Android, Mbrain, Mt6899 and 4 more | 2026-02-26 | 7.8 High |
| In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826. | ||||
| CVE-2025-21455 | 1 Qualcomm | 59 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 56 more | 2026-02-26 | 7.8 High |
| Memory corruption while submitting blob data to kernel space though IOCTL. | ||||
| CVE-2025-20707 | 2 Google, Mediatek | 18 Android, Mt2718, Mt6853 and 15 more | 2026-02-26 | 6.7 Medium |
| In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820. | ||||
| CVE-2025-21456 | 1 Qualcomm | 129 Ar8035, Ar8035 Firmware, C-v2x 9150 and 126 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. | ||||
| CVE-2025-3586 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2026-02-26 | 7.2 High |
| In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay Self-Hosted), the Objects module does not restrict the use of Groovy scripts in Object actions for Admin Users. This allows remote authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through Object actions. In contrast, in Liferay DXP (Liferay SaaS), the use of Groovy in Object actions is not allowed due to the high security risks it poses. Starting from Liferay DXP 2024.Q2 and later, a new feature has been introduced in Instance Settings that allows administrators to configure whether Groovy scripts are allowed in their instances. | ||||
| CVE-2025-21458 | 1 Qualcomm | 49 Fastconnect 6900, Fastconnect 6900 Firmware, Qam8255p and 46 more | 2026-02-26 | 7.8 High |
| Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. | ||||
| CVE-2024-28988 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | ||||
| CVE-2025-46810 | 1 Opensuse | 1 Tumbleweed | 2026-02-26 | 7.8 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29. | ||||
| CVE-2025-21461 | 1 Qualcomm | 49 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 46 more | 2026-02-26 | 7.8 High |
| Memory corruption when programming registers through virtual CDM. | ||||
| CVE-2025-43726 | 1 Dell | 1 Alienware Command Center | 2026-02-26 | 6.7 Medium |
| Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2025-21473 | 1 Qualcomm | 13 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 10 more | 2026-02-26 | 7.8 High |
| Memory corruption when using Virtual cdm (Camera Data Mover) to write registers. | ||||
| CVE-2024-40653 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||