Export limit exceeded: 22897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22897 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44134 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information. | ||||
| CVE-2026-28859 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-04-02 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | ||||
| CVE-2026-28875 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-02 | 7.5 High |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service. | ||||
| CVE-2024-27860 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | ||||
| CVE-2024-44157 | 1 Apple | 2 Apple Tv, Itunes | 2026-04-02 | 5.5 Medium |
| A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
| CVE-2024-44199 | 1 Apple | 1 Macos | 2026-04-02 | 7.1 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory. | ||||
| CVE-2024-54506 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | ||||
| CVE-2026-28857 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-02 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28841 | 1 Apple | 1 Macos | 2026-04-02 | 6.2 Medium |
| A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. | ||||
| CVE-2024-44307 | 1 Apple | 1 Macos | 2026-04-02 | 7.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2025-43501 | 2 Apple, Webkitgtk | 8 Ios, Ipados, Iphone Os and 5 more | 2026-04-02 | 4.3 Medium |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2024-44306 | 1 Apple | 1 Macos | 2026-04-02 | 7.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2025-43370 | 1 Apple | 1 Xcode | 2026-04-02 | 4 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | ||||
| CVE-2026-33984 | 1 Freerdp | 1 Freerdp | 2026-04-02 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2. | ||||
| CVE-2026-32710 | 1 Mariadb | 2 Mariadb, Server | 2026-04-02 | 8.6 High |
| MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. | ||||
| CVE-2026-3622 | 1 Tp-link | 3 Tl-wr841n, Tl-wr841n Firmware, Tl-wr841n V14 | 2026-04-02 | 7.5 High |
| The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). | ||||
| CVE-2026-4903 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-04-02 | 8.8 High |
| A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-4904 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4905 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-4906 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||