Total
13661 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20645 | 2 Google, Mediatek | 15 Android, Mt6765, Mt6768 and 12 more | 2026-02-26 | 7.8 High |
| In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599. | ||||
| CVE-2025-20646 | 1 Mediatek | 6 Mt6890, Mt7915, Mt7916 and 3 more | 2026-02-26 | 9.8 Critical |
| In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803. | ||||
| CVE-2025-20650 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2026-02-26 | 6.8 Medium |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061. | ||||
| CVE-2024-53022 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8295p and 43 more | 2026-02-26 | 7.8 High |
| Memory corruption may occur during communication between primary and guest VM. | ||||
| CVE-2024-53030 | 1 Qualcomm | 88 Msm8996au, Msm8996au Firmware, Qam8255p and 85 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing input message passed from FE driver. | ||||
| CVE-2024-53031 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2026-02-26 | 7.8 High |
| Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. | ||||
| CVE-2025-22225 | 1 Vmware | 4 Cloud Foundation, Esxi, Telco Cloud Infrastructure and 1 more | 2026-02-26 | 8.2 High |
| VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. | ||||
| CVE-2025-1938 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2026-02-26 | 6.5 Medium |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-20929 | 2 Samsung, Samsung Mobile | 2 Notes, Samsung Notes | 2026-02-26 | 7.3 High |
| Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. | ||||
| CVE-2025-20931 | 2 Samsung, Samsung Mobile | 2 Notes, Samsung Notes | 2026-02-26 | 7.3 High |
| Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. | ||||
| CVE-2025-27363 | 3 Debian, Freetype, Redhat | 9 Debian Linux, Freetype, Enterprise Linux and 6 more | 2026-02-26 | 8.1 High |
| An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. | ||||
| CVE-2025-27172 | 1 Adobe | 1 Substance 3d Designer | 2026-02-26 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21169 | 1 Adobe | 1 Substance 3d Designer | 2026-02-26 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24450 | 1 Adobe | 1 Substance 3d Painter | 2026-02-26 | 7.8 High |
| Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24451 | 1 Adobe | 1 Substance 3d Painter | 2026-02-26 | 7.8 High |
| Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24440 | 1 Adobe | 1 Substance 3d Sampler | 2026-02-26 | 7.8 High |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24452 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24453 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27178 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27177 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||