Export limit exceeded: 14085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15080 | 2 Mitsubishi, Mitsubishi Electric | 2 Melsec Iq-r Series, Melsec Iq-r Series | 2026-04-15 | N/A |
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product. | ||||
| CVE-2010-10017 | 2026-04-15 | N/A | ||
| WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user. | ||||
| CVE-2024-24455 | 2026-04-15 | 5.9 Medium | ||
| An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | ||||
| CVE-2023-50434 | 2026-04-15 | 9.8 Critical | ||
| emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected. | ||||
| CVE-2025-11573 | 1 Amazon | 1 Ion | 2026-04-15 | 7.5 High |
| An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates. | ||||
| CVE-2024-57509 | 2026-04-15 | 7.8 High | ||
| Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. | ||||
| CVE-2024-56139 | 2026-04-15 | N/A | ||
| pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems. | ||||
| CVE-2021-47797 | 1 Leawo | 1 Prof Media | 2026-04-15 | 7.5 High |
| Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into the registration interface. | ||||
| CVE-2024-22384 | 2026-04-15 | 2.8 Low | ||
| Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-51562 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 6.5 Medium |
| The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. | ||||
| CVE-2024-48869 | 2026-04-15 | 6.1 Medium | ||
| Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38658 | 1 Fujielectric | 2 V-server, V-server Lite | 2026-04-15 | 7.8 High |
| There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | ||||
| CVE-2023-20581 | 2026-04-15 | 2.5 Low | ||
| Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. | ||||
| CVE-2010-20042 | 2026-04-15 | N/A | ||
| Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code. | ||||
| CVE-2024-6768 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2026-04-15 | N/A |
| A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | ||||
| CVE-2021-47798 | 1 Noteburner | 1 Noteburner | 2026-04-15 | 9.8 Critical |
| NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash. | ||||
| CVE-2024-51566 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 6.5 Medium |
| The NVMe driver queue processing is vulernable to guest-induced infinite loops. | ||||
| CVE-2025-8556 | 1 Redhat | 23 Acm, Advanced Cluster Security, Ceph Storage and 20 more | 2026-04-15 | 3.7 Low |
| A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. | ||||
| CVE-2022-32502 | 1 Nuki | 1 Nuki Smart Lock | 2026-04-15 | 6.3 Medium |
| An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
| CVE-2025-11021 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-04-15 | 7.5 High |
| A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. | ||||