Search Results (547 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38290 2 Bluview, Sharp 2 Bluview, Rouvo V 2026-04-15 7.8 High
Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with "system" privileges.
CVE-2024-12011 2026-04-15 7.6 High
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.
CVE-2024-12975 2026-04-15 N/A
A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.
CVE-2024-48973 1 Baxter 1 Life2000 Ventilator Firmware 2026-04-15 9.3 Critical
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
CVE-2025-7745 2026-04-15 5.8 Medium
Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2.
CVE-2025-6785 1 Tesla 1 Model 3 2026-04-15 N/A
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.
CVE-2025-22889 1 Intel 3 Processor, Xeon, Xeon Processors 2026-04-15 7.9 High
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-4207 1 Postgresql 1 Postgresql 2026-04-15 5.9 Medium
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
CVE-2026-4371 1 Mozilla 1 Thunderbird 2026-04-14 7.4 High
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
CVE-2026-21381 1 Qualcomm 207 Ar8035, Ar8035 Firmware, Cologne and 204 more 2026-04-13 7.6 High
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
CVE-2025-47390 1 Qualcomm 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more 2026-04-09 7.8 High
Memory corruption while preprocessing IOCTL request in JPEG driver.
CVE-2025-47400 1 Qualcomm 23 Pandeiro, Pandeiro Firmware, Snapdragon and 20 more 2026-04-09 7.1 High
Cryptographic issue while copying data to a destination buffer without validating its size.
CVE-2026-21367 1 Qualcomm 301 Ar8035, Ar8035 Firmware, Cologne and 298 more 2026-04-09 7.6 High
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-21371 1 Qualcomm 105 Aqt1000, Aqt1000 Firmware, Cologne and 102 more 2026-04-09 7.8 High
Memory Corruption when retrieving output buffer with insufficient size validation.
CVE-2026-21373 1 Qualcomm 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more 2026-04-09 7.8 High
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21374 1 Qualcomm 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more 2026-04-09 7.8 High
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVE-2026-21375 1 Qualcomm 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more 2026-04-09 7.8 High
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21376 1 Qualcomm 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more 2026-04-09 7.8 High
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21378 1 Qualcomm 103 Aqt1000, Aqt1000 Firmware, Cologne and 100 more 2026-04-09 7.8 High
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2025-66038 2 Opensc, Opensc Project 2 Opensc, Opensc 2026-04-03 3.9 Low
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.