Exploit Intelligence Platform

CVE-2025-54628 5.3 MEDIUM EPSS 0.00

Communication Module - Info Disclosure

Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

CWE-118 Aug 06, 2025

CVE-2025-48902 6.6 MEDIUM EPSS 0.00

Setting Module - DoS

Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

CWE-118 Jun 06, 2025

CVE-2024-43524 6.8 MEDIUM EPSS 0.00

Microsoft Windows 10 1809 < 10.0.17763.6414 - Remote Code Execution

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CWE-118 Oct 08, 2024

CVE-2023-37923 7.8 HIGH EPSS 0.00

GTKWave <3.3.115 - RCE

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.

CWE-118 Jan 08, 2024

CVE-2023-37922 7.8 HIGH EPSS 0.00

GTKWave <3.3.115 - RCE

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility.

CWE-118 Jan 08, 2024

CVE-2023-37921 7.8 HIGH EPSS 0.00

GTKWave <3.3.115 - RCE

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility.

CWE-118 Jan 08, 2024

CVE-2023-0201 6.7 MEDIUM EPSS 0.00

NVIDIA DGX-2 SBIOS - Memory Corruption

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

CWE-118 Apr 22, 2023

CVE-2022-38072 6.5 MEDIUM 1 Writeup EPSS 0.00

ADMesh Master Commit <767a105-0.98.4 - Buffer Overflow

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CWE-129 Apr 03, 2023

CVE-2022-36402 6.3 MEDIUM EPSS 0.00

Linux Kernel - Privilege Escalation

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

CWE-190 Sep 16, 2022

CVE-2020-3369 7.5 HIGH EPSS 0.01

Cisco SD-WAN vEdge Routers - DoS

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

CWE-118 Jul 16, 2020

CVE-2020-3235 7.7 HIGH EPSS 0.00

Cisco IOS Software - DoS

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

CWE-20 Jun 03, 2020

CVE-2019-6130 5.5 MEDIUM EPSS 0.00

Artifex MuPDF 1.14.0 - Memory Corruption

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

CWE-118 Jan 11, 2019

CVE-2016-10495 9.8 CRITICAL EPSS 0.00

Android <2018-04-05 - Info Disclosure

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.

CWE-118 Apr 18, 2018

CVE-2015-9142 9.8 CRITICAL EPSS 0.00

Android - Memory Corruption

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.

CWE-118 Apr 18, 2018

CVE-2018-7530 7.8 HIGH EPSS 0.00

Omron CX-One <4.42 - Memory Corruption

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.

CWE-843 Apr 17, 2018

CVE-2015-2004 9.8 CRITICAL EPSS 0.01

GNSDK SDK <1.1.7 - Code Injection

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

CWE-118 Mar 29, 2018

CVE-2015-2003 9.8 CRITICAL EPSS 0.01

PJSIP PJSUA2 SDK <51322 - Code Injection

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

CWE-118 Mar 29, 2018

CVE-2015-2002 9.8 CRITICAL EPSS 0.01

ESRI ArcGis Runtime SDK <10.2.6-2 - RCE

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

CWE-118 Mar 29, 2018

CVE-2015-2001 9.8 CRITICAL EPSS 0.01

MetaIO SDK <6.0.2.1 - Code Injection

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

CWE-118 Mar 29, 2018

CVE-2015-2000 9.8 CRITICAL EPSS 0.01

Jumio SDK <1.5.0 - Code Injection

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

CWE-118 Mar 29, 2018

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps