Export limit exceeded: 22056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22056 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8621 | 2 Haxx, Redhat | 3 Curl, Jboss Core Services, Rhel Software Collections | 2026-04-16 | N/A |
| The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | ||||
| CVE-2026-20053 | 1 Cisco | 3 Cisco Utd Snort Ips Engine Software, Cyber Vision, Secure Firewall Threat Defense | 2026-04-16 | 5.8 Medium |
| Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition. | ||||
| CVE-2026-6168 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-04-16 | 8.8 High |
| A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-3540 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-16 | 8.8 High |
| Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3544 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-16 | 8.8 High |
| Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-28540 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4 Medium |
| Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-28546 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 5.9 Medium |
| Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-3606 | 2 Ettercap, Ettercap-project | 2 Ettercap, Ettercap | 2026-04-16 | 3.3 Low |
| A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-29062 | 1 Fasterxml | 2 Jackson, Jackson-core | 2026-04-16 | 7.5 High |
| jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0. | ||||
| CVE-2026-26018 | 1 Coredns.io | 1 Coredns | 2026-04-16 | 7.5 High |
| CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2. | ||||
| CVE-2026-3663 | 1 Xlnt-community | 1 Xlnt | 2026-04-16 | 3.3 Low |
| A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-3664 | 1 Xlnt-community | 1 Xlnt | 2026-04-16 | 3.3 Low |
| A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue. | ||||
| CVE-2026-3678 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3769 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-3799 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-3802 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3803 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3804 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3809 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2026-04-16 | 8.8 High |
| A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3811 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | ||||