CVE-2025-21459 | Transient DOS while parsing per STA profile in ML IE. | high |
CVE-2025-21453 | Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | high |
CVE-2024-49847 | Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | high |
CVE-2024-49846 | Memory corruption while decoding of OTA messages from T3448 IE. | critical |
CVE-2024-49845 | Memory corruption during the FRS UDS generation process. | high |
CVE-2024-49844 | Memory corruption while triggering commands in the PlayReady Trusted application. | high |
CVE-2024-49842 | Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | high |
CVE-2024-49841 | Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. | high |
CVE-2024-49835 | Memory corruption while reading secure file. | high |
CVE-2024-49830 | Memory corruption while processing an IOCTL call to set mixer controls. | high |
CVE-2024-49829 | Memory corruption can occur during context user dumps due to inadequate checks on buffer length. | high |
CVE-2024-45583 | Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. | high |
CVE-2024-45581 | Memory corruption while sound model registration for voice activation with audio kernel driver. | high |
CVE-2024-45579 | Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | high |
CVE-2024-45578 | Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | high |
CVE-2024-45577 | Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | high |
CVE-2024-45576 | Memory corruption while processing command buffer in OPE module. | high |
CVE-2024-45575 | Memory corruption in Camera kernel when a large number of devices are attached through userspace. | high |
CVE-2024-45574 | Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | high |
CVE-2024-45570 | Memory corruption may occur during IO configuration processing when the IO port count is invalid. | high |
CVE-2024-45568 | Memory corruption due to improper bounds check while command handling in camera-kernel driver. | high |
CVE-2024-45567 | Memory corruption while encoding JPEG format. | high |
CVE-2024-45566 | Memory corruption during concurrent buffer access due to modification of the reference count. | high |
CVE-2024-45565 | Memory corruption when blob structure is modified by user-space after kernel verification. | high |
CVE-2024-45564 | Memory corruption during concurrent access to server info object due to incorrect reference count update. | high |
CVE-2024-45563 | Memory corruption while handling schedule request in Camera Request Manager (CRM) due to invalid link count in the corresponding session. | high |
CVE-2024-45562 | Memory corruption during concurrent access to server info object due to unprotected critical field. | high |
CVE-2024-45554 | Memory corruption during concurrent SSR execution due to race condition on the global maps list. | high |
CVE-2025-4340 | A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | medium |
CVE-2025-4333 | A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | medium |
CVE-2025-46593 | Process residence vulnerability in abnormal scenarios in the print module. Impact: Successful exploitation of this vulnerability may affect availability. | medium |
CVE-2025-46592 | Null pointer dereference vulnerability in the USB HDI driver module. Impact: Successful exploitation of this vulnerability may affect availability. | medium |
CVE-2025-46591 | Out-of-bounds data read vulnerability in the authorization module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | medium |
CVE-2025-46590 | Bypass vulnerability in the network search instruction authentication module. Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. | medium |
CVE-2025-46589 | Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | high |
CVE-2025-46588 | Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | high |
CVE-2025-4332 | A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
CVE-2025-4331 | A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
CVE-2025-46587 | Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | medium |
CVE-2025-3281 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin. | medium |
CVE-2025-3020 | A low-privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact. | medium |
CVE-2024-58252 | Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | medium |
CVE-2025-4329 | A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
CVE-2025-46586 | Permission control vulnerability in the contacts module. Impact: Successful exploitation of this vulnerability may affect availability. | medium |
CVE-2025-46585 | Out-of-bounds array read/write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability may affect availability. | high |
CVE-2025-46584 | Vulnerability of improper authentication logic implementation in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | medium |
CVE-2025-4328 | A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | medium |
CVE-2025-4327 | A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | medium |
CVE-2025-4326 | A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
CVE-2025-4325 | A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |