Export limit exceeded: 345193 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345193 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25617 | 1 Audiotool | 1 Ease Audio Converter | 2026-04-16 | 6.2 Medium |
| Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash. | ||||
| CVE-2019-25601 | 1 Uvnc | 1 Ultravnc Launcher | 2026-04-16 | 6.2 Medium |
| UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition. | ||||
| CVE-2019-25592 | 1 Xlinesoft | 1 Phprunner | 2026-04-16 | 6.2 Medium |
| PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash. | ||||
| CVE-2019-25598 | 1 Heidisql | 1 Heidisql Portable | 2026-04-16 | 6.2 Medium |
| HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash. | ||||
| CVE-2019-25590 | 1 Labf | 1 Axessh | 2026-04-16 | 6.2 Medium |
| Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection. | ||||
| CVE-2019-25602 | 1 Gsearch | 1 Gsearch | 2026-04-16 | 5.5 Medium |
| GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash. | ||||
| CVE-2019-25616 | 1 Ddz1977 | 1 Anming Mp3 Cd Burner | 2026-04-16 | 6.2 Medium |
| AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition. | ||||
| CVE-2019-25593 | 1 Jetaudio | 2 Jetaudio, Jetcast Server | 2026-04-16 | 5.5 Medium |
| jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process. | ||||
| CVE-2019-25609 | 1 Jetaudio | 1 Jetaudio | 2026-04-16 | 8.4 High |
| JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges. | ||||
| CVE-2019-25610 | 1 Netnumber | 1 Netnumber Titan Enum/dns/np | 2026-04-16 | 6.5 Medium |
| NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow. | ||||
| CVE-2026-29000 | 1 Pac4j | 1 Pac4j | 2026-04-16 | 9.1 Critical |
| pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators. | ||||
| CVE-2026-40393 | 1 Mesa3d | 1 Mesa | 2026-04-16 | 8.1 High |
| In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. | ||||
| CVE-2025-11252 | 2 Signum Technology Promotion And Training, Signumtte | 2 Windesk.fm, Windesk.fm | 2026-04-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published. | ||||
| CVE-2016-20061 | 1 Sheedantivirus | 1 Sheed Antivirus | 2026-04-16 | 7.8 High |
| sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2018-25238 | 1 Vsco | 1 Vsco | 2026-04-16 | 6.2 Medium |
| VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application crash. | ||||
| CVE-2018-25240 | 1 Microsoft | 1 Watchr | 2026-04-16 | 6.2 Medium |
| Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash. | ||||
| CVE-2018-25241 | 1 Microsoft | 1 Vpn Browser+ | 2026-04-16 | 7.5 High |
| VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that terminates the application. | ||||
| CVE-2018-25242 | 1 Microsoft | 1 One Search | 2026-04-16 | 6.2 Medium |
| One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled exception that crashes the application. | ||||
| CVE-2018-25251 | 1 Sourceforge | 1 Snes9k 0.0.9z | 2026-04-16 | 8.4 High |
| Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation. | ||||
| CVE-2019-25659 | 1 Xlinesoft | 1 Asprunner Professional | 2026-04-16 | 6.2 Medium |
| ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash. | ||||