Total: 26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25563 | 1 Uvnc | 1 Pchelpwarev2 | 2026-03-24 | N/A | 6.2 MEDIUM |
| PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash. | |||||
| CVE-2019-25571 | 1 Ventismedia | 1 Mediamonkey | 2026-03-24 | N/A | 6.2 MEDIUM |
| MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog. | |||||
| CVE-2019-25645 | | | 2026-03-24 | N/A | 6.2 MEDIUM |
| WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash. | |||||
| CVE-2019-25617 | | | 2026-03-23 | N/A | 6.2 MEDIUM |
| Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash. | |||||
| CVE-2019-25553 | | | 2026-03-23 | N/A | 6.2 MEDIUM |
| CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow. | |||||
| CVE-2019-25560 | | | 2026-03-23 | N/A | 7.5 HIGH |
| Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality. | |||||
| CVE-2025-13108 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-26 | N/A | 5.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | |||||
| CVE-2025-0647 | 1 Arm | 22 C1-premium, C1-premium Firmware, C1-ultra and 19 more | 2026-01-26 | N/A | 7.9 HIGH |
| In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI. | |||||
| CVE-2024-7883 | 1 Arm | 4 Arm Compiler For Embedded, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 1 more | 2025-12-23 | N/A | 3.7 LOW |
| When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. | |||||
| CVE-2025-33196 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.4 MEDIUM |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-33198 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 3.3 LOW |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-33200 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 2.3 LOW |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-20622 | | | 2025-11-12 | N/A | 3.8 LOW |
| Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-11602 | | | 2025-11-04 | N/A | N/A |
| Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses. | |||||
| CVE-2025-2522 | | | 2025-07-15 | N/A | 6.5 MEDIUM |
| Honeywell Experion PKS and OneWireless WDM contain a Sensitive Information in Resource vulnerability in the Control Data Access (CDA) component. An attacker could potentially exploit this vulnerability, leading to Communication Channel Manipulation, which could result in buffer reuse that may cause incorrect system behavior. Honeywell also recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are 520.1 before 520.2 TCU9 HF1 and 530 before 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3. | |||||
| CVE-2025-48066 | 1 Wire | 1 Wire-webapp | 2025-05-30 | N/A | 6.0 MEDIUM |
| wire-webapp is the web application for the open-source messaging service Wire. A bug fix introduced a regression in the function that deletes local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary clients (marking the device as a public computer on login) and regular clients instructing the deletion of all personal information and conversations upon logout. Access to the machine is required to access the data. If encryption-at-rest is used, cryptographic material can't be exported. The underlying issue has been fixed with wire-webapp version 2025-05-14-production.0. To mitigate potential impact, the database must be manually deleted on devices where the option "This is a public computer" was used prior to login, or where a logout with the request to delete local data has previously happened with the affected versions. | |||||
| CVE-2022-39393 | 1 Bytecodealliance | 1 Wasmtime | 2025-05-02 | N/A | 8.6 HIGH |
| Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling `memory-init-cow`. | |||||
| CVE-2024-38275 | 1 Moodle | 1 Moodle | 2025-04-30 | N/A | 7.5 HIGH |
| The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | |||||
| CVE-2023-1637 | 1 Linux | 1 Linux Kernel | 2025-02-19 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel x86 CPU power management options functionality, in the way a user resumes the CPU from suspend-to-RAM, where the boot CPU could be vulnerable to speculative execution behavior attacks. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU, similar to speculative execution behavior attacks. | |||||
| CVE-2023-3006 | 1 Linux | 1 Linux Kernel | 2025-01-09 | N/A | 5.5 MEDIUM |
| A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes relevant again for the new AmpereOne hardware. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. | |||||
