CVE-2025-15382 - Client SCP Request Triggers Buffer Overread by 1 Byte
CVE ID : CVE-2025-15382
Published : Jan. 6, 2026, 5:43 p.m. | 25 minutes ago
Description : A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over-read by 1 byte.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o
CVE ID : CVE-2025-7048
Published : Jan. 6, 2026, 7:15 p.m. | 56 minutes ago
Description : On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0641 - TOTOLINK WA300 cstecgi.cgi sub_401510 command injection
CVE ID : CVE-2026-0641
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21490 - iccDEV has heap buffer overflow in CIccTagLut16::Validate()
CVE ID : CVE-2026-21490
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21491 - iccDEV has unicode buffer overflow in CIccTagTextDescription
CVE ID : CVE-2026-21491
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21494 - iccDEV has heap buffer overflow in CIccTagLut8::Validate()
CVE ID : CVE-2026-21494
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0642 - projectworlds House Rental and Property Listing complaint.php cross site scripting
CVE ID : CVE-2026-0642
Published : Jan. 6, 2026, 10:32 p.m. | 1 hour, 40 minutes ago
Description : A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47330 - Buffer Over-read in Video
CVE ID : CVE-2025-47330
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Transient DOS while parsing video packets received from the video firmware.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47331 - Buffer Over-read in Video
CVE ID : CVE-2025-47331
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Information disclosure while processing a firmware event.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47332 - Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
CVE ID : CVE-2025-47332
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing a config call from userspace.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47333 - Use After Free in HLOS
CVE ID : CVE-2025-47333
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while handling buffer mapping operations in the cryptographic driver.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47334 - Buffer Copy Without Checking Size of Input in Camera Driver
CVE ID : CVE-2025-47334
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing shared command buffer packet between camera userspace and kernel.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47335 - Buffer Copy Without Checking Size of Input in Camera Driver
CVE ID : CVE-2025-47335
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while parsing clock configuration data for a specific hardware type.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47336 - Use After Free in Camera Driver
CVE ID : CVE-2025-47336
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while performing sensor register read operations.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47337 - Use After Free in Camera Driver
CVE ID : CVE-2025-47337
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while accessing a synchronization object during concurrent operations.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47339 - Use After Free in HLOS
CVE ID : CVE-2025-47339
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while deinitializing a HDCP session.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47343 - Untrusted Pointer Dereference in Video
CVE ID : CVE-2025-47343
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing a video session to set video parameters.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47344 - Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
CVE ID : CVE-2025-47344
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while handling sensor utility operations.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47345 - Reusing a Nonce, Key Pair in Encryption in Automotive Platform
CVE ID : CVE-2025-47345
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Cryptographic issue may occur while encrypting license data.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47346 - Out-of-bounds Write in HLOS
CVE ID : CVE-2025-47346
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing a secure logging command in the trusted application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47348 - Use of Uninitialized Variable in HLOS
CVE ID : CVE-2025-47348
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing identity credential operations in the trusted application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...