Export limit exceeded: 363015 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23154 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44879 | 2026-04-15 | 7.5 High | ||
| WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2024-40085 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2026-04-15 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | ||||
| CVE-2024-40086 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2026-04-15 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | ||||
| CVE-2025-8076 | 1 Supermicro | 1 Mbd-x13sedw-f | 2026-04-15 | 7.2 High |
| There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability. | ||||
| CVE-2025-48508 | 1 Amd | 1 Radeon Pro V710 | 2026-04-15 | 6 Medium |
| Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. | ||||
| CVE-2025-6072 | 1 Abb | 2 Rmc-100, Rmc-100-lite | 2026-04-15 | 7.5 High |
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. | ||||
| CVE-2025-0638 | 1 Nlnetlabs | 1 Routinator | 2026-04-15 | 7.5 High |
| The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator. | ||||
| CVE-2024-41631 | 1 Host-host Neuq Board | 1 Host-host Neuq Board | 2026-04-15 | 7.5 High |
| Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. | ||||
| CVE-2024-41928 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 8.4 High |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
| CVE-2024-42011 | 1 Spotify | 1 Spotify App | 2026-04-15 | 7.5 High |
| The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | ||||
| CVE-2025-12183 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. | ||||
| CVE-2025-41719 | 1 Sauter | 3 Ey-modulo 5 Devices, Modulo 6 Devices, Webserver | 2026-04-15 | 8.8 High |
| A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. | ||||
| CVE-2025-1073 | 2026-04-15 | 7.5 High | ||
| Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. | ||||
| CVE-2025-3007 | 2026-04-15 | 5.5 Medium | ||
| A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24922 | 2026-04-15 | 8.8 High | ||
| A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability. | ||||
| CVE-2009-20003 | 2 Microsoft, Xenorate | 2 Windows, Xenorate | 2026-04-15 | N/A |
| Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file. | ||||
| CVE-2025-31354 | 2026-04-15 | 4.3 Medium | ||
| Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters. | ||||
| CVE-2025-32901 | 1 Kde | 1 Kdeconnect | 2026-04-15 | 4.3 Medium |
| In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. | ||||
| CVE-2024-27179 | 1 Toshibatec | 40 E-studio-2010-ac, E-studio-2015-nc, E-studio-2020 Ac and 37 more | 2026-04-15 | 4.7 Medium |
| Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2025-10942 | 1 H3c | 1 Magic | 2026-04-15 | 8.8 High |
| A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||