Export limit exceeded: 362814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23131 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11775 | 1 Asus | 1 Armoury Crate | 2026-04-15 | N/A |
| An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-8076 | 1 Supermicro | 1 Mbd-x13sedw-f | 2026-04-15 | 7.2 High |
| There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability. | ||||
| CVE-2025-52386 | 2026-04-15 | 5.4 Medium | ||
| CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file | ||||
| CVE-2011-10015 | 2026-04-15 | N/A | ||
| Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened. | ||||
| CVE-2025-3710 | 2026-04-15 | 9.8 Critical | ||
| The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||||
| CVE-2024-51983 | 2026-04-15 | 7.5 High | ||
| An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. | ||||
| CVE-2024-51982 | 2026-04-15 | 7.5 High | ||
| An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash. | ||||
| CVE-2025-9316 | 1 N-able | 1 N-central | 2026-04-15 | N/A |
| N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4. | ||||
| CVE-2025-61690 | 1 Keyence | 1 Kv Studio | 2026-04-15 | 7.8 High |
| KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | ||||
| CVE-2024-2105 | 1 Jbl | 7 Boombox 2, Boombox 3, Flip 5 and 4 more | 2026-04-15 | 6.5 Medium |
| An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices. | ||||
| CVE-2025-14911 | 1 Mongodb | 1 C Driver | 2026-04-15 | 6.5 Medium |
| User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. | ||||
| CVE-2024-53555 | 1 Taigaio | 1 Taiga Front | 2026-04-15 | 8.8 High |
| A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. | ||||
| CVE-2025-3301 | 2026-04-15 | N/A | ||
| DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected. | ||||
| CVE-2025-20149 | 1 Cisco | 2 Ios, Ios Xe Software | 2026-04-15 | 6.5 Medium |
| A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2024-8772 | 2026-04-15 | 4.3 Medium | ||
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2025-29070 | 2026-04-15 | 7.5 High | ||
| A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and investigation." | ||||
| CVE-2024-48973 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2026-04-15 | 9.3 Critical |
| The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2025-22839 | 1 Intel | 3 Processors, Xeon, Xeon Processors | 2026-04-15 | 7.5 High |
| Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2025-22889 | 1 Intel | 3 Processor, Xeon, Xeon Processors | 2026-04-15 | 7.9 High |
| Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22920 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 5.3 Medium |
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | ||||