Export limit exceeded: 348841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45745 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43723 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43723 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35333 | 2026-04-15 | 8.4 High | ||
| A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. | ||||
| CVE-2024-40765 | 2026-04-15 | 9.8 Critical | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2024-3871 | 2026-04-15 | 9.8 Critical | ||
| The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2. | ||||
| CVE-2024-33278 | 1 Asus | 1 Rt-ax88u Firmware | 2026-04-15 | 9.8 Critical |
| Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. | ||||
| CVE-2023-42667 | 1 Intel | 1 Core Ultra Processor | 2026-04-15 | 7.8 High |
| Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33270 | 1 Prestashop | 1 Prestashop | 2026-04-15 | 7.5 High |
| An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component. | ||||
| CVE-2025-12183 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. | ||||
| CVE-2024-32673 | 2026-04-15 | 5.5 Medium | ||
| Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956. | ||||
| CVE-2024-32667 | 2026-04-15 | 3.9 Low | ||
| Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-32669 | 1 Samsung Open Source | 1 Escargot | 2026-04-15 | 5.3 Medium |
| Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. | ||||
| CVE-2024-38509 | 2026-04-15 | 7.2 High | ||
| A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | ||||
| CVE-2024-32655 | 1 Npgsql | 1 Npgsql | 2026-04-15 | 8.1 High |
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3. | ||||
| CVE-2024-28607 | 2026-04-15 | 2.9 Low | ||
| The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. | ||||
| CVE-2024-27282 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.6 Medium |
| An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. | ||||
| CVE-2024-32482 | 2026-04-15 | 2.2 Low | ||
| The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. | ||||
| CVE-2024-41981 | 1 Siemens | 1 Simcenter Nastran | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-10824 | 1 Axboe | 1 Fio | 2026-04-15 | 5.3 Medium |
| A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-31412 | 1 Omron | 1 Cx-programmer | 2026-04-15 | 7.8 High |
| Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. | ||||
| CVE-2025-4657 | 2026-04-15 | 6.7 Medium | ||
| A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2023-43694 | 1 Malwarebytes | 1 Malwarebytes | 2026-04-15 | 5.2 Medium |
| An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service. | ||||