Export limit exceeded: 22862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66287 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-04-15 | 8.8 High |
| A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | ||||
| CVE-2021-47824 | 1 Splinterware | 1 Idailydiary | 2026-04-15 | 7.5 High |
| iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash. | ||||
| CVE-2021-47831 | 1 Sandboxie-plus | 1 Sandboxie | 2026-04-15 | 7.5 High |
| Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash. | ||||
| CVE-2025-69209 | 1 Arduino | 1 Arduino Core | 2026-04-15 | N/A |
| ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under specific conditions, this could enable arbitrary code execution on AVR-based Arduino boards. ### Patches - The Fix is included starting from the `1.8.7` release available from the following link [ArduinoCore-avr v1.8.7](https://github.com/arduino/ArduinoCore-avr) - The Fixing Commit is available at the following link [1a6a417f89c8901dad646efce74ae9d3ddebfd59](https://github.com/arduino/ArduinoCore-avr/pull/613/commits/1a6a417f89c8901dad646efce74ae9d3ddebfd59) ### References - [ASEC-26-001 ArduinoCore-avr vXXXX Resolves Buffer Overflow Vulnerability](https://support.arduino.cc/hc/en-us/articles/XXXXX) ### Credits - Maxime Rossi Bellom and Ramtine Tofighi Shirazi from SecMate (https://secmate.dev/) | ||||
| CVE-2025-41719 | 1 Sauter | 3 Ey-modulo 5 Devices, Modulo 6 Devices, Webserver | 2026-04-15 | 8.8 High |
| A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. | ||||
| CVE-2011-10032 | 2 Microsoft, Sunwayland | 2 Windows, Forcecontrol | 2026-04-15 | N/A |
| Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts. | ||||
| CVE-2010-10015 | 1 Aol | 2 Aim, Aol | 2026-04-15 | N/A |
| AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained. | ||||
| CVE-2010-10016 | 1 Bsplayer | 1 Bs.player | 2026-04-15 | N/A |
| BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client. | ||||
| CVE-2018-25125 | 1 Netis-systems | 1 Dl4322d | 2026-04-15 | N/A |
| Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively long argument causes the service, and in practice the router, to crash or become unresponsive, resulting in a loss of availability for the device and connected users. | ||||
| CVE-2010-10017 | 2026-04-15 | N/A | ||
| WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user. | ||||
| CVE-2024-34020 | 1 Hcode | 1 Hcode | 2026-04-15 | 6.5 Medium |
| A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. | ||||
| CVE-2024-50956 | 2026-04-15 | 6.5 Medium | ||
| A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message. | ||||
| CVE-2024-25939 | 2026-04-15 | 6 Medium | ||
| Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-22384 | 2026-04-15 | 2.8 Low | ||
| Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2025-0038 | 1 Amd | 1 Zynq Ultrascale+ | 2026-04-15 | 6.6 Medium |
| In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality. | ||||
| CVE-2025-0633 | 2026-04-15 | 4.0 Medium | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | ||||
| CVE-2022-47090 | 2026-04-15 | 7.8 High | ||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns | ||||
| CVE-2025-0657 | 1 Carrier | 2 Automatedlogic Webctrl, I-vu | 2026-04-15 | N/A |
| A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility. | ||||
| CVE-2025-0662 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 4.9 Medium |
| In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace. | ||||
| CVE-2025-0831 | 2026-04-15 | 7.8 High | ||
| Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. | ||||