Export limit exceeded: 43676 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43676 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25330 | 1 Bimesoft | 1 Surfoffline Professional | 2026-04-15 | 7.5 High |
| SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers. | ||||
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-04-15 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||
| CVE-2019-25332 | 1 Internet-soft | 1 Ftp Commander Pro | 2026-04-15 | 8.4 High |
| FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential. | ||||
| CVE-2019-25339 | 1 Ghia-camip | 1 Ghia Camip | 2026-04-15 | 7.5 High |
| GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices. | ||||
| CVE-2019-25341 | 1 Inettools | 1 Inettools For Ios | 2026-04-15 | 7.5 High |
| iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash. | ||||
| CVE-2019-25349 | 1 Scadaapp | 1 Scadaapp For Ios | 2026-04-15 | 7.5 High |
| ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. | ||||
| CVE-2019-25353 | 1 Diy Security | 1 Foscam Video Management System | 2026-04-15 | 7.5 High |
| Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login. | ||||
| CVE-2019-25357 | 1 Webgate | 2 Control Center, Control Center Pro | 2026-04-15 | 8.4 High |
| Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems. | ||||
| CVE-2019-25358 | 1 Nikkhokkho | 1 Fileoptimizer | 2026-04-15 | 7.5 High |
| FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options. | ||||
| CVE-2019-25361 | 1 Ayukov | 1 Ayukov Nftp Client | 2026-04-15 | 9.8 Critical |
| Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150. | ||||
| CVE-2019-25365 | 1 Chaospro | 1 Chaospro | 2026-04-15 | 9.8 Critical |
| ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems. | ||||
| CVE-2025-23016 | 1 Fastcgi | 1 Fcgi | 2026-04-15 | 9.3 Critical |
| FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | ||||
| CVE-2024-48406 | 1 Umicat | 1 Umicat | 2026-04-15 | 9.8 Critical |
| Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. | ||||
| CVE-2025-8736 | 1 Gnu | 1 Cflow | 2026-04-15 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8808 | 1 Tianti Project | 1 Tianti | 2026-04-15 | 4.3 Medium |
| A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-32651 | 1 Dgtlmoon | 1 Changedetection.io | 2026-04-15 | 10 Critical |
| changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). | ||||
| CVE-2025-21096 | 1 Intel | 1 Tdx Module Software | 2026-04-15 | 1.9 Low |
| Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-53558 | 1 Zte | 2 Zxhn F660a, Zxhn F660t | 2026-04-15 | N/A |
| ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. | ||||
| CVE-2025-3197 | 2026-04-15 | 7.3 High | ||
| Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__. | ||||
| CVE-2023-52969 | 1 Mariadb | 1 Mariadb | 2026-04-15 | 4.9 Medium |
| MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. | ||||