Export limit exceeded: 20965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33147 | 1 Genericmappingtools | 1 Gmt | 2026-03-25 | 7.3 High |
| GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49. | ||||
| CVE-2026-4551 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-25 | 8.8 High |
| A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4552 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-25 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4553 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-25 | 8.8 High |
| A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-4555 | 1 D-link | 1 Dir-513 | 2026-03-25 | 8.8 High |
| A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-30006 | 1 Xnview | 1 Nconvert | 2026-03-25 | 6.2 Medium |
| XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | ||||
| CVE-2026-4565 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2026-03-25 | 8.8 High |
| A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4566 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-25 | 8.8 High |
| A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4567 | 1 Tenda | 2 A15, A15 Firmware | 2026-03-25 | 9.8 Critical |
| A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4598 | 2 Jsrsasign Project, Kjur | 2 Jsrsasign, Jsrsasign | 2026-03-25 | 7.5 High |
| Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)). | ||||
| CVE-2026-4647 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux, Openshift and 1 more | 2026-03-25 | 6.1 Medium |
| A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks. | ||||
| CVE-2019-25622 | 1 Pixarra | 1 Paint Studio | 2026-03-25 | 6.2 Medium |
| Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable. | ||||
| CVE-2019-25544 | 1 Pidgin | 1 Pidgin | 2026-03-25 | 6.2 Medium |
| Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable. | ||||
| CVE-2019-25551 | 2 Sandboxie, Sandboxie-plus | 2 Sandboxie, Sandboxie | 2026-03-25 | 6.2 Medium |
| Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash. | ||||
| CVE-2019-25559 | 1 Nsauditor | 1 Spotpaltalk | 2026-03-25 | 5.5 Medium |
| SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked. | ||||
| CVE-2019-25570 | 2 Crun, Realterm | 2 Realterm, Realterm: Serial Terminal | 2026-03-25 | 5.5 Medium |
| RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash. | ||||
| CVE-2019-25572 | 1 Nordvpn | 1 Nordvpn | 2026-03-25 | 6.2 Medium |
| NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash. | ||||
| CVE-2026-4529 | 1 D-link | 1 Dhp-1320 | 2026-03-25 | 8.8 High |
| A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2019-25583 | 1 Raimersoft | 1 Rarmaradio | 2026-03-25 | 6.2 Medium |
| RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash. | ||||
| CVE-2019-25585 | 1 Deluge-torrent | 1 Deluge | 2026-03-25 | 6.2 Medium |
| Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash. | ||||