Export limit exceeded: 43614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43614 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34503 | 1 Shuffle Master | 1 Deck Mate 1 | 2026-04-15 | N/A |
| Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update mechanisms, affected systems should be physically protected or retired from service. The vendor has not indicated that firmware updates are available for this legacy model. | ||||
| CVE-2024-21489 | 2 Leeoniya, Redhat | 4 Uplot, Rhel Aus, Rhel E4s and 1 more | 2026-04-15 | 8.2 High |
| Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. | ||||
| CVE-2025-32007 | 1 Intel | 1 Tdx Module | 2026-04-15 | 4.4 Medium |
| Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-0367 | 2026-04-15 | 6.5 Medium | ||
| In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack. | ||||
| CVE-2024-56732 | 2026-04-15 | 8.8 High | ||
| HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. | ||||
| CVE-2024-57708 | 2026-04-15 | 5.7 Medium | ||
| An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability. | ||||
| CVE-2024-57970 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4 Medium |
| libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. | ||||
| CVE-2025-23269 | 2026-04-15 | 4.7 Medium | ||
| NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2024-5801 | 2026-04-15 | N/A | ||
| Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | ||||
| CVE-2025-41728 | 1 Beckhoff | 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more | 2026-04-15 | 5.3 Medium |
| A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response. | ||||
| CVE-2025-41726 | 1 Beckhoff | 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more | 2026-04-15 | 8.8 High |
| A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. | ||||
| CVE-2025-2295 | 1 Tianocore | 1 Edk2 | 2026-04-15 | 3.5 Low |
| EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | ||||
| CVE-2025-22920 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 5.3 Medium |
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | ||||
| CVE-2025-22889 | 1 Intel | 3 Processor, Xeon, Xeon Processors | 2026-04-15 | 7.9 High |
| Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22885 | 1 Intel | 1 Tdx Module | 2026-04-15 | 4.7 Medium |
| Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-6068 | 1 Rcokwellautomation | 1 Arena Input Analyzer | 2026-04-15 | 7.3 High |
| A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. | ||||
| CVE-2025-61873 | 1 Bestpractical | 1 Request Tracker | 2026-04-15 | 2.6 Low |
| Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. | ||||
| CVE-2025-43880 | 2026-04-15 | N/A | ||
| Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition. | ||||
| CVE-2025-2240 | 1 Redhat | 9 Apache Camel Spring Boot, Apicurio Registry, Camel Quarkus and 6 more | 2026-04-15 | 7.5 High |
| A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue. | ||||
| CVE-2020-37050 | 1 M.j.m | 1 Quick Player | 2026-04-15 | 9.8 Critical |
| Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution. | ||||