Search Results (23172 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-56732 2026-04-15 8.8 High
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
CVE-2025-25178 2026-04-15 7.8 High
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
CVE-2025-9316 1 N-able 1 N-central 2026-04-15 N/A
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
CVE-2024-8159 1 Faronics 1 Deep Freeze 2026-04-15 6.4 Medium
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.
CVE-2025-43881 2026-04-15 N/A
Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.
CVE-2025-11775 1 Asus 1 Armoury Crate 2026-04-15 N/A
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
CVE-2021-47824 1 Splinterware 1 Idailydiary 2026-04-15 7.5 High
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash.
CVE-2025-50572 2026-04-15 8.8 High
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.
CVE-2021-47156 2026-04-15 6.5 Medium
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVE-2025-0960 2026-04-15 9.8 Critical
AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.
CVE-2024-52545 1 Lorextechnology 1 W461asc-e Firmware 2026-04-15 6.5 Medium
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-44331 1 Gstreamer Project 1 Gst-rtsp-server 2026-04-15 7.5 High
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
CVE-2025-7704 1 Supermicro 1 Bmc 2026-04-15 5.4 Medium
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
CVE-2025-48508 1 Amd 1 Radeon Pro V710 2026-04-15 6 Medium
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service.
CVE-2024-56827 1 Redhat 1 Enterprise Linux 2026-04-15 5.6 Medium
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
CVE-2024-37877 1 Ueranism 1 Ueranism 2026-04-15 5.5 Medium
UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in src/lib/rls/rls_pdu.cpp
CVE-2025-24348 2026-04-15 5.4 Medium
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
CVE-2009-10006 1 Alienform2 Project 1 Alienform2 2026-04-15 N/A
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
CVE-2020-37184 1 Allok Soft 1 Allok Video Converter 2026-04-15 9.8 Critical
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.
CVE-2020-37185 1 Nsauditor 1 Backup Key Recovery 2026-04-15 7.5 High
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.