Latest CVE Feed
-
7.5
HIGHCVE-2024-56426
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the t... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 +18 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-54327
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Improper input validation in the VTS driver leads to an arbitrary write.... Read more
Affected Products : exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_2200 exynos_1280 exynos_1380- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-49494
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an 5G NRMM packet leads to a Denial of Service.... Read more
Affected Products : exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_9110_firmware exynos_2100 exynos_2200 exynos_1280 exynos_1380 +6 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54334
An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.... Read more
Affected Products : exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_2200 exynos_1280 exynos_1380 exynos_2400_firmware exynos_2400 exynos_1480_firmware exynos_1480 +4 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-52513
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.... Read more
Affected Products : exynos_2400_firmware exynos_2400 exynos_1580_firmware exynos_1580 exynos_2500_firmware exynos_2500- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-52512
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.... Read more
Affected Products : exynos_2400_firmware exynos_2400 exynos_1580_firmware exynos_1580 exynos_2500_firmware exynos_2500- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Race Condition
-
5.3
MEDIUMCVE-2025-54333
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-54325
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak... Read more
Affected Products : exynos_1080_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_w920_firmware exynos_1080 exynos_2200 exynos_1280 exynos_1380 exynos_2400_firmware +12 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-54332
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-54331
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-54330
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54329
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a mu... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +26 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54323
An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_980 exynos_990_firmware +14 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2021-47698
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inject an... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2016-15054
Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting (XSS) via the jQuery Migrate library. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a vict... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-10870
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cryptography
-
6.1
MEDIUMCVE-2025-10955
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings.This issue affects Netigma: from 6.3.5 before 6.3.5 V8.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.... Read more
Affected Products : curl- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-64346
archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the u... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service