Export limit exceeded: 21533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69247 | 1 Free5gc | 2 Go-upf, Upf | 2026-02-25 | 7.5 High |
| free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix. | ||||
| CVE-2023-47042 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2026-02-25 | 7.8 High |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2018-5410 | 1 Dokan-dev | 1 Dokany | 2026-02-25 | 7.8 High |
| Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. | ||||
| CVE-2022-2845 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-02-25 | 7.8 High |
| Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | ||||
| CVE-2025-68431 | 1 Struktur | 1 Libheif | 2026-02-25 | 6.5 Medium |
| libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes. | ||||
| CVE-2025-29481 | 1 Libbpf Project | 1 Libbpf | 2026-02-25 | 6.2 Medium |
| Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root." | ||||
| CVE-2019-25364 | 2 Tabs Laboratories Corporation, Tabslab | 2 Win10 Mailcarrier, Mailcarrier | 2026-02-24 | 9.8 Critical |
| MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access. | ||||
| CVE-2019-25326 | 2 Northwest Performance Software, Nwpsw | 2 Ippulse, Ippulse | 2026-02-24 | 6.2 Medium |
| ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content. | ||||
| CVE-2025-69700 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2026-02-24 | 7.5 High |
| Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. | ||||
| CVE-2022-22989 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2026-02-24 | 9.8 Critical |
| My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues. | ||||
| CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2026-02-24 | 7.5 High |
| A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | ||||
| CVE-2021-38180 | 1 Sap | 1 Business One | 2026-02-24 | 9.8 Critical |
| SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution. | ||||
| CVE-2020-37161 | 2 Wedding-slideshow-studio, Wedding Slideshow Studio | 2 Wedding Slideshow Studio, Wedding Slideshow Studio | 2026-02-24 | 9.8 Critical |
| Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator. | ||||
| CVE-2020-37162 | 2 Wedding-slideshow-studio, Wedding Slideshow Studio | 2 Wedding Slideshow Studio, Wedding Slideshow Studio | 2026-02-24 | 9.8 Critical |
| Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field. | ||||
| CVE-2025-12322 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12273 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12272 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-12265 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12236 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12233 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||