Export limit exceeded: 14666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3677 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-3679 | 1 Tenda | 4 F451, F451 Firmware, Fh451 and 1 more | 2026-04-16 | 8.8 High |
| A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3715 | 1 Wavlink | 2 Wl-wn579x3-c, Wl-wn579x3-c Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-3727 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3728 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3729 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3731 | 1 Libssh | 1 Libssh | 2026-04-16 | 5.3 Medium |
| A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. | ||||
| CVE-2026-3732 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3768 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-20636 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-16 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-20621 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-16 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2006-1652 | 1 Ultravnc | 2 Tabbed Viewer, Vnc Viewer | 2026-04-16 | N/A |
| Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. | ||||
| CVE-2004-2710 | 1 Phrozensmoke | 1 Gyach Enhanced | 2026-04-16 | N/A |
| Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name. | ||||
| CVE-1999-0332 | 1 Microsoft | 1 Netmeeting | 2026-04-16 | N/A |
| Buffer overflow in NetMeeting allows denial of service and remote command execution. | ||||
| CVE-1999-0349 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | ||||
| CVE-1999-1588 | 1 Sun | 1 Solaris | 2026-04-16 | 9.8 Critical |
| Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. | ||||
| CVE-2001-0576 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. | ||||
| CVE-2001-0629 | 1 Hp | 1 Openview Network Node Manager | 2026-04-16 | N/A |
| HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter. | ||||
| CVE-2001-0775 | 3 Redhat, Xli, Xloadimage | 3 Linux, Xli, Xloadimage | 2026-04-16 | N/A |
| Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. | ||||
| CVE-2001-0803 | 1 Open Group | 1 Cde Common Desktop Environment | 2026-04-16 | N/A |
| Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. | ||||