Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22051 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21898 | 1 Nasa | 1 Cryptolib | 2026-04-18 | 8.2 High |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3. | ||||
| CVE-2026-21899 | 1 Nasa | 1 Cryptolib | 2026-04-18 | 4.7 Medium |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3. | ||||
| CVE-2026-22027 | 1 Nasa | 1 Cryptolib | 2026-04-18 | 6.0 Medium |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3. | ||||
| CVE-2026-22705 | 1 Rustcrypto | 1 Signatures | 2026-04-18 | 6.4 Medium |
| RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2. | ||||
| CVE-2026-0821 | 1 Quickjs-ng | 1 Quickjs | 2026-04-18 | 7.3 High |
| A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue. | ||||
| CVE-2026-0822 | 1 Quickjs-ng | 1 Quickjs | 2026-04-18 | 6.3 Medium |
| A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-0837 | 1 Utt | 2 520w, 520w Firmware | 2026-04-18 | 8.8 High |
| A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-0839 | 1 Utt | 2 520w, 520w Firmware | 2026-04-18 | 8.8 High |
| A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-0841 | 1 Utt | 2 520w, 520w Firmware | 2026-04-18 | 8.8 High |
| A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-22695 | 1 Libpng | 1 Libpng | 2026-04-18 | 6.1 Medium |
| LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54. | ||||
| CVE-2026-22801 | 1 Libpng | 1 Libpng | 2026-04-18 | 6.8 Medium |
| LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54. | ||||
| CVE-2026-22213 | 1 Riot-os | 1 Riot | 2026-04-18 | 9.8 Critical |
| RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption. | ||||
| CVE-2026-20809 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-04-18 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20829 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-18 | 5.5 Medium |
| Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-20840 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-18 | 7.8 High |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2026-20864 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-18 | 7.8 High |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21304 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-18 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21277 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-04-18 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21281 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2026-04-18 | 7.8 High |
| InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21302 | 1 Adobe | 1 Substance 3d Modeler | 2026-04-18 | 5.5 Medium |
| Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||