Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 22866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3506 | 1 Milestone Systems | 1 Xprotect Vms | 2026-04-15 | 6.7 Medium |
| A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. | ||||
| CVE-2020-37126 | 1 Drive Software Company | 1 Free Desktop Clock | 2026-04-15 | 9.8 Critical |
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. | ||||
| CVE-2023-32190 | 1 Suse | 1 Opensuse Tumbleweed | 2026-04-15 | 7.8 High |
| mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | ||||
| CVE-2024-11616 | 2026-04-15 | N/A | ||
| Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue. This issue affects Endpoint DLP version below R119. | ||||
| CVE-2023-20601 | 1 Amd | 2 Radeon Pro Vii, Radeon Vii | 2026-04-15 | N/A |
| Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. | ||||
| CVE-2020-37124 | 1 4mhz | 1 B64dec | 2026-04-15 | 9.8 Critical |
| B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process. | ||||
| CVE-2020-37107 | 1 Coreftp | 1 Core Ftp Le | 2026-04-15 | 7.5 High |
| Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation. | ||||
| CVE-2022-29974 | 2026-04-15 | 4.3 Medium | ||
| AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | ||||
| CVE-2020-37159 | 1 Parallaxis | 1 Cuckoo Clock | 2026-04-15 | 9.8 Critical |
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. | ||||
| CVE-2021-46772 | 2026-04-15 | 3.9 Low | ||
| Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. | ||||
| CVE-2022-50976 | 2 Avibia, Innomic | 2 Avibiline Configurator, Vibroline Configurator | 2026-04-15 | 7.7 High |
| A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. | ||||
| CVE-2020-37179 | 1 Nsasoft | 1 Nsauditor Apkf Product Key Finder | 2026-04-15 | 7.5 High |
| APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. | ||||
| CVE-2020-37180 | 1 Nsasoft | 1 Nsauditor Gtalk Password Finder | 2026-04-15 | 7.5 High |
| GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash. | ||||
| CVE-2024-34087 | 1 G8bpq | 1 Bpq32 | 2026-04-15 | 9.8 Critical |
| An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. | ||||
| CVE-2020-37184 | 1 Allok Soft | 1 Allok Video Converter | 2026-04-15 | 9.8 Critical |
| Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field. | ||||
| CVE-2024-6696 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2026-04-15 | 4.9 Medium |
| The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. | ||||
| CVE-2020-37185 | 1 Nsauditor | 1 Backup Key Recovery | 2026-04-15 | 7.5 High |
| Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. | ||||
| CVE-2020-37187 | 1 Nsasoft | 1 Nsauditor Spotdialup | 2026-04-15 | 7.5 High |
| SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. | ||||
| CVE-2020-37040 | 1 Codeblocks | 1 Code::blocks | 2026-04-15 | 8.4 High |
| Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe. | ||||
| CVE-2020-37189 | 1 Digitalvolcano Software | 1 Taskcanvas | 2026-04-15 | 7.5 High |
| TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. | ||||