Export limit exceeded: 20770 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20770 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27072 | 1 Qualcomm | 73 Qam8255p, Qam8255p Firmware, Qam8295p and 70 more | 2025-08-18 | 5.5 Medium |
| Information disclosure while processing a packet at EAVB BE side with invalid header length. | ||||
| CVE-2025-27075 | 1 Qualcomm | 73 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 70 more | 2025-08-18 | 7.8 High |
| Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host. | ||||
| CVE-2025-47324 | 1 Qualcomm | 3 Qca7005, Qca7005 Firmware, Snapdragon | 2025-08-18 | 7.5 High |
| Information disclosure while accessing and modifying the PIB file of a remote device via powerline. | ||||
| CVE-2024-43790 | 2 Netapp, Vim | 3 Bootstrap Os, Hci Compute Node, Vim | 2025-08-18 | 4.5 Medium |
| Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689. | ||||
| CVE-2025-5942 | 1 Netskope | 1 Netskope | 2025-08-18 | N/A |
| Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine. | ||||
| CVE-2023-44428 | 1 Musescore | 1 Musescore | 2025-08-18 | N/A |
| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20769. | ||||
| CVE-2025-9046 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-18 | 8.8 High |
| A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8949 | 2 D-link, Dlink | 3 Dir-825, Dir-825, Dir-825 Firmware | 2025-08-18 | 7.2 High |
| A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-40682 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2025-08-18 | 6.2 Medium |
| IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input. | ||||
| CVE-2025-36097 | 1 Ibm | 1 Websphere Application Server | 2025-08-18 | 7.5 High |
| IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources. | ||||
| CVE-2024-49828 | 1 Ibm | 1 Db2 | 2025-08-17 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2024-52894 | 1 Ibm | 1 Db2 | 2025-08-17 | 4.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2024-51473 | 1 Ibm | 1 Db2 | 2025-08-17 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-9041 | 1 Rockwellautomation | 1 Flex 5000 Io | 2025-08-16 | N/A |
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | ||||
| CVE-2025-9042 | 1 Rockwellautomation | 1 Flex 5000 Io | 2025-08-16 | N/A |
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | ||||
| CVE-2025-20244 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-16 | 7.7 High |
| A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload. | ||||
| CVE-2023-50234 | 1 Hancom | 1 Office Cell | 2025-08-15 | 7.8 High |
| Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386. | ||||
| CVE-2024-49541 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-08-15 | 5.5 Medium |
| Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-21459 | 1 Qualcomm | 352 Ar8035, Ar8035 Firmware, Ar9380 and 349 more | 2025-08-15 | 6.5 Medium |
| Information disclosure while handling beacon or probe response frame in STA. | ||||
| CVE-2021-30191 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 High |
| CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. | ||||