Total
12136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20014 | 2 Google, Mediatek | 18 Android, Mt6781, Mt6785 and 15 more | 2025-05-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308. | |||||
| CVE-2021-39990 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience. | |||||
| CVE-2021-24042 | 1 Whatsapp | 1 Whatsapp | 2025-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. | |||||
| CVE-2025-27197 | 1 Adobe | 1 Lightroom | 2025-05-22 | N/A | 7.8 HIGH |
| Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-4544 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-05-22 | 6.8 MEDIUM | 6.6 MEDIUM |
| A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. | |||||
| CVE-2024-0517 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-40103 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 5.5 MEDIUM |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-40102 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-40101 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-32821 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-36773 | 1 Artifex | 1 Ghostscript | 2025-05-22 | N/A | 9.8 CRITICAL |
| Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | |||||
| CVE-2022-40106 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-32798 | 1 Apple | 1 Macos | 2025-05-22 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. | |||||
| CVE-2022-40107 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-3195 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 8.8 HIGH |
| Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-2853 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2025-05-22 | N/A | 8.8 HIGH |
| Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-22629 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2025-05-22 | N/A | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-40784 | 1 Mipcm | 2 Mipc Camera, Mipc Camera Firmware | 2025-05-22 | N/A | 8.8 HIGH |
| Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. | |||||
| CVE-2022-3045 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2025-4919 | 2025-05-22 | N/A | 8.8 HIGH | ||
| An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. | |||||