Total
2516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-29811 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-10 | 7.8 High |
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-21171 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, .net and 4 more | 2025-07-10 | 7.5 High |
.NET Remote Code Execution Vulnerability | ||||
CVE-2025-53184 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-53183 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-53182 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-53181 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-53179 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-53180 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-20686 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7915, Mt7916 and 4 more | 2025-07-09 | 8.8 High |
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404. | ||||
CVE-2025-27752 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-26666 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | ||||
CVE-2025-26674 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | ||||
CVE-2025-26668 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | 7.5 High |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-27478 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7 High |
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-27477 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 8.8 High |
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-27490 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-08 | 7.8 High |
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2023-50229 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 8.0 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936. | ||||
CVE-2023-50230 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 8.0 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938. | ||||
CVE-2023-51596 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 7.1 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939. | ||||
CVE-2025-50130 | 2025-07-08 | 7.8 High | ||
A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution. |