Export limit exceeded: 345182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28212 | 1 Firebirdsql | 1 Firebird | 2026-04-17 | 7.5 High |
| Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14. | ||||
| CVE-2026-27890 | 1 Firebirdsql | 1 Firebird | 2026-04-17 | 8.2 High |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | ||||
| CVE-2026-33098 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34866 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.1 Medium |
| Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34865 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 9.1 Critical |
| Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34855 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 5.7 Medium |
| Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34867 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.6 Medium |
| Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-33099 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33100 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33101 | 1 Microsoft | 12 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 9 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33824 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-17 | 9.8 Critical |
| Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-6359 | 1 Google | 1 Chrome | 2026-04-17 | 8.8 High |
| Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-6360 | 1 Google | 1 Chrome | 2026-04-17 | 8.8 High |
| Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-6361 | 1 Google | 1 Chrome | 2026-04-17 | 7.2 High |
| Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-6362 | 1 Google | 1 Chrome | 2026-04-17 | 6.3 Medium |
| Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High) | ||||
| CVE-2026-33826 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 R2, Windows Server 2012 R2 and 11 more | 2026-04-17 | 8 High |
| Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-6363 | 1 Google | 1 Chrome | 2026-04-17 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-6364 | 1 Google | 1 Chrome | 2026-04-17 | 6.5 Medium |
| Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium) | ||||
| CVE-2026-33827 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 8.1 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2019-25708 | 1 Heatmiser | 2 Heatmiser Wifi Thermostat, Wifi Thermostat | 2026-04-17 | 4.3 Medium |
| Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent. | ||||