Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,442
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,501 - 13,520 of 13,618 CVEs
CVE-2026-21487 HIGH - 7.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::LoadTag function. This issue is fixed in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21486 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. Th...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21485 HIGH - 8.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21673 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2025-20801 HIGH - 7.0

In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20800 HIGH - 7.8

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20799 HIGH - 7.8

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20798 HIGH - 7.8

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20797 HIGH - 7.8

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20796 HIGH - 7.8

In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20795 HIGH - 7.8

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20794 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: mediatek
Product: nr15
Published: Jan 06, 2026
Source: NVD
CVE-2025-20793 HIGH - 7.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: mediatek
Product: nr15
Published: Jan 06, 2026
Source: NVD
CVE-2025-20781 HIGH - 7.8

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20780 HIGH - 7.8

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20779 HIGH - 7.0

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20778 HIGH - 7.8

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20762 HIGH - 7.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: mediatek
Product: nr17
Published: Jan 06, 2026
Source: NVD
CVE-2025-20761 HIGH - 7.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: mediatek
Product: nr15
Published: Jan 06, 2026
Source: NVD
CVE-2025-20760 HIGH - 7.5

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploi...

Vendor: mediatek
Product: nr15
Published: Jan 06, 2026
Source: NVD