Export limit exceeded: 21338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21338 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31968 | 2 Htslib, Samtools | 2 Htslib, Htslib | 2026-03-25 | 8.1 High |
| HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete validation of the context in which the encodings were used could result in up to eight bytes being written beyond the end of a heap allocation, or up to eight bytes being written to the location of a one byte variable on the stack, possibly causing the values to adjacent variables to change unexpectedly. Depending on the data stream this could result either in a heap buffer overflow or a stack overflow. If a user opens a file crafted to exploit this issue it could lead to the program crashing, overwriting of data structures on the heap or stack in ways not expected by the program, or changing the control flow of the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue. | ||||
| CVE-2026-31969 | 2 Htslib, Samtools | 2 Htslib, Htslib | 2026-03-25 | 8.1 High |
| HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_STOP` method, an out-by-one error in the `cram_byte_array_stop_decode_char()` function check for a full output buffer could result in a single attacker-controlled byte being written beyond the end of a heap allocation. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to exploit this issue, it could lead to the program crashing, or overwriting of data and heap structures in ways not expected by the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue. | ||||
| CVE-2026-31970 | 2 Htslib, Samtools | 2 Htslib, Htslib | 2026-03-25 | 8.1 High |
| HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to store the index. Sixteen zero bytes would then be written to this buffer, and, depending on the result of the overflow the rest of the file may also be loaded into the buffer as well. If the function did attempt to load the data, it would eventually fail due to not reading the expected number of records, and then try to free the overflowed heap buffer. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to exploit this issue, it could lead to the program crashing, or overwriting of data and heap structures in ways not expected by the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. The easiest work-around is to discard any `.gzi` index files from untrusted sources, and use the `bgzip -r` option to recreate them. | ||||
| CVE-2026-31971 | 2 Htslib, Samtools | 2 Htslib, Htslib | 2026-03-25 | 8.1 High |
| HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN` method, the `cram_byte_array_len_decode()` failed to validate that the amount of data being unpacked matched the size of the output buffer where it was to be stored. Depending on the data series being read, this could result either in a heap or a stack overflow with attacker-controlled bytes. Depending on the data stream this could result either in a heap buffer overflow or a stack overflow. If a user opens a file crafted to exploit this issue it could lead to the program crashing, overwriting of data structures on the heap or stack in ways not expected by the program, or changing the control flow of the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue. | ||||
| CVE-2026-32743 | 2 Dronecode, Px4 | 2 Px4 Drone Autopilot, Px4-autopilot | 2026-03-25 | 6.5 Medium |
| PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses paths from the log list file with no width specifier, allowing a path longer than 60 characters to overflow the buffer. An attacker with MAVLink link access can trigger this by first creating deeply nested directories via MAVLink FTP, then requesting the log list. The flight controller MAVLink task crashes, losing telemetry and command capability and causing DoS. This issue has been fixed in this commit: https://github.com/PX4/PX4-Autopilot/commit/616b25a280e229c24d5cf12a03dbf248df89c474. | ||||
| CVE-2025-71203 | 1 Linux | 1 Linux Kernel | 2026-03-25 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value after the bounds check to prevent speculative out-of-bounds access and subsequent data leakage via cache side channels. | ||||
| CVE-2022-50508 | 1 Linux | 1 Linux Kernel | 2026-03-25 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit ba45841ca5eb ("wifi: mt76: mt76x02: simplify struct mt76x02_rate_power")', mt76x02 relies on ht[0-7] rate_power data for vht mcs{0,7}, while it uses vth[0-1] rate_power for vht mcs {8,9}. Fix a possible out-of-bound access in mt76x0_phy_get_target_power routine. | ||||
| CVE-2022-50490 | 1 Linux | 1 Linux Kernel | 2026-03-25 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but also incur out-of-bound memory access or expose kernel memory to userspace if current bucket_cnt is greater than bucket_size or zero. Fixing it by stopping batch operation and returning -EBUSY when htab_lock_bucket() fails, and the application can retry or skip the busy batch as needed. | ||||
| CVE-2020-36941 | 2 Guelfoweb, Verbb | 3 Knock, Knockpy, Knock Knock | 2026-03-24 | 9.8 Critical |
| Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications. | ||||
| CVE-2025-61147 | 1 Struktur | 1 Libde265 | 2026-03-24 | 6.2 Medium |
| strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 29 Discovery, Enterprise Linux, Enterprise Linux Eus and 26 more | 2026-03-24 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2023-6377 | 4 Debian, Redhat, Tigervnc and 1 more | 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more | 2026-03-24 | 7.8 High |
| A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. | ||||
| CVE-2026-22316 | 1 Phoenixcontact | 77 Fl Nat 2008, Fl Nat 2208, Fl Nat 2304-2gc-2sfp and 74 more | 2026-03-24 | 6.5 Medium |
| A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack. | ||||
| CVE-2026-22318 | 1 Phoenixcontact | 77 Fl Nat 2008, Fl Nat 2208, Fl Nat 2304-2gc-2sfp and 74 more | 2026-03-24 | 4.9 Medium |
| A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack. | ||||
| CVE-2026-22319 | 1 Phoenixcontact | 77 Fl Nat 2008, Fl Nat 2208, Fl Nat 2304-2gc-2sfp and 74 more | 2026-03-24 | 4.9 Medium |
| A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack. | ||||
| CVE-2026-22320 | 1 Phoenixcontact | 77 Fl Nat 2008, Fl Nat 2208, Fl Nat 2304-2gc-2sfp and 74 more | 2026-03-24 | 6.5 Medium |
| A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service. | ||||
| CVE-2026-22321 | 1 Phoenixcontact | 77 Fl Nat 2008, Fl Nat 2208, Fl Nat 2304-2gc-2sfp and 74 more | 2026-03-24 | 5.3 Medium |
| A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity availability disruption. | ||||
| CVE-2026-26948 | 1 Dell | 1 Integrated Dell Remote Access Controller 8 | 2026-03-24 | 4.9 Medium |
| Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2026-20726 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-62403 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||