Total
445 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47390 | 1 Qualcomm | 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more | 2026-04-09 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||
| CVE-2025-47400 | 1 Qualcomm | 23 Pandeiro, Pandeiro Firmware, Snapdragon and 20 more | 2026-04-09 | 7.1 High |
| Cryptographic issue while copying data to a destination buffer without validating its size. | ||||
| CVE-2026-21367 | 1 Qualcomm | 301 Ar8035, Ar8035 Firmware, Cologne and 298 more | 2026-04-09 | 7.6 High |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | ||||
| CVE-2026-21371 | 1 Qualcomm | 105 Aqt1000, Aqt1000 Firmware, Cologne and 102 more | 2026-04-09 | 7.8 High |
| Memory Corruption when retrieving output buffer with insufficient size validation. | ||||
| CVE-2026-21373 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21374 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21375 | 1 Qualcomm | 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21376 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21378 | 1 Qualcomm | 103 Aqt1000, Aqt1000 Firmware, Cologne and 100 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-09 | 7.6 High |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||||
| CVE-2025-66038 | 2 Opensc, Opensc Project | 2 Opensc, Opensc | 2026-04-03 | 3.9 Low |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0. | ||||
| CVE-2026-2394 | 1 Rti | 1 Connext Professional | 2026-04-02 | N/A |
| Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-24028 | 1 Powerdns | 1 Dnsdist | 2026-04-01 | 5.3 Medium |
| An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure. | ||||
| CVE-2025-4582 | 1 Rti | 1 Connext Professional | 2026-04-01 | 7.1 High |
| Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | ||||
| CVE-2026-4371 | 1 Mozilla | 1 Thunderbird | 2026-03-27 | 7.4 High |
| A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | ||||
| CVE-2026-3203 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||||
| CVE-2024-4853 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2026-03-27 | 3.6 Low |
| Memory handling issue in editcap could cause denial of service via crafted capture file | ||||
| CVE-2024-11596 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2026-20846 | 1 Microsoft | 31 Office, Windows 10 1607, Windows 10 1809 and 28 more | 2026-03-16 | 7.5 High |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-28364 | 1 Ocaml | 1 Ocaml | 2026-03-06 | 7.9 High |
| In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | ||||