Export limit exceeded: 14034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14034 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50663 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | ||||
| CVE-2026-5873 | 1 Google | 1 Chrome | 2026-04-09 | N/A |
| Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-50665 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters. | ||||
| CVE-2026-31789 | 1 Openssl | 1 Openssl | 2026-04-09 | N/A |
| Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. | ||||
| CVE-2026-21413 | 1 Libraw | 1 Libraw | 2026-04-08 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-32860 | 1 Ni | 1 Labview | 2026-04-08 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-32861 | 1 Ni | 1 Labview | 2026-04-08 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-32862 | 1 Ni | 1 Labview | 2026-04-08 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-5747 | 1 Aws | 1 Firecracker | 2026-04-08 | 7.5 High |
| An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later. | ||||
| CVE-2026-27144 | 2026-04-08 | 8.1 High | ||
| The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime. | ||||
| CVE-2025-50671 | 1 Dlink | 1 Di-8003 | 2026-04-08 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri. | ||||
| CVE-2025-50657 | 1 Dlink | 1 Di-8003 | 2026-04-08 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | ||||
| CVE-2018-25228 | 1 Netsetman | 1 Netsetman | 2026-04-08 | 6.2 Medium |
| NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition. | ||||
| CVE-2018-25230 | 1 Eusing | 1 Free Ip Switcher | 2026-04-08 | 5.5 Medium |
| Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application. | ||||
| CVE-2018-25235 | 1 Networkactiv | 2 Networkactiv Web Server, Web Server | 2026-04-08 | 6.2 Medium |
| NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface. | ||||
| CVE-2019-25654 | 1 Coreftp | 2 Core Ftp, Core Ftp/sftp Server | 2026-04-08 | 7.5 High |
| Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service. | ||||
| CVE-2026-34544 | 2 Academysoftwarefoundation, Openexr | 2 Openexr, Openexr | 2026-04-08 | 7.3 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8. | ||||
| CVE-2025-43219 | 1 Apple | 1 Macos | 2026-04-08 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. | ||||
| CVE-2025-43202 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-08 | 8.8 High |
| This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption. | ||||
| CVE-2026-23424 | 1 Linux | 1 Linux Kernel | 2026-04-08 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space. | ||||