Total
331122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52629 | 1 Hcltech | 1 Aion | 2026-02-04 | 3.7 Low |
| HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | ||||
| CVE-2025-57529 | 1 Youdatasum | 1 Cpas Audit Management System | 2026-02-04 | 9.8 Critical |
| YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access | ||||
| CVE-2025-58340 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58341 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58342 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58343 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58345 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58346 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58347 | 1 Samsung | 3 Exynos, Mobile Devices, Mobile Processor Wearable Processor | 2026-02-04 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-59439 | 1 Samsung | 1 Exynos | 2026-02-04 | 7.5 High |
| An issue was discovered in Samsung Modem Exynos through 2025-08-29. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions. | ||||
| CVE-2025-62349 | 1 Salt Project | 1 Salt | 2026-02-04 | 6.2 Medium |
| Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues. | ||||
| CVE-2025-62599 | 1 Eprosima | 1 Fast Dds | 2026-02-04 | N/A |
| Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versi ons 3.4.1, 3.3.1, and 2.6.11 patch the issue. | ||||
| CVE-2025-63372 | 1 Articentgroup | 1 Zip Rar Extractor Tool | 2026-02-04 | N/A |
| Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. | ||||
| CVE-2025-63656 | 1 Monkey | 1 Monkey | 2026-02-04 | 7.5 High |
| An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||
| CVE-2025-65923 | 1 Frappe | 1 Erpnext | 2026-02-04 | N/A |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affected record is viewed by a user within the ERPNext web interface. This exposure may allow an attacker to compromise user sessions or perform unauthorized actions under the context of a victim's account. | ||||
| CVE-2025-66374 | 1 Cyberark | 1 Endpoint Privilege Manager | 2026-02-04 | 7.8 High |
| CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | ||||
| CVE-2025-67188 | 1 Totolink | 1 A950rg | 2026-02-04 | N/A |
| A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow. | ||||
| CVE-2025-67189 | 1 Totolink | 1 A950rg | 2026-02-04 | N/A |
| A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution. | ||||
| CVE-2025-69662 | 1 Geopandas | 1 Geopandas | 2026-02-04 | 8.6 High |
| SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | ||||
| CVE-2025-69848 | 1 Netbox | 1 Netbox | 2026-02-04 | N/A |
| NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user. | ||||