Export limit exceeded: 21424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21424 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33349 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-27 | 5.9 Medium |
| fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7. | ||||
| CVE-2025-10685 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-27 | N/A |
| Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42 | ||||
| CVE-2025-69720 | 2 Gnu, Invisible-island | 2 Ncurses, Ncurses | 2026-03-27 | 7.3 High |
| The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | ||||
| CVE-2026-3549 | 1 Wolfssl | 1 Wolfssl | 2026-03-27 | 9.8 Critical |
| Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. | ||||
| CVE-2020-37131 | 2 Nsasoft, Nsauditor | 2 Product Key Explorer, Product Key Explorer | 2026-03-26 | 6.2 Medium |
| Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash. | ||||
| CVE-2026-20114 | 1 Cisco | 1 Ios Xe Software | 2026-03-26 | 5.4 Medium |
| A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges. | ||||
| CVE-2019-25587 | 1 Bpftpserver | 1 Bulletproof Ftp Server | 2026-03-26 | 6.2 Medium |
| BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration. | ||||
| CVE-2019-25588 | 1 Bpftpserver | 1 Bulletproof Ftp Server | 2026-03-26 | 6.2 Medium |
| BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked. | ||||
| CVE-2026-32853 | 2 Libvncserver, Libvncserver Project | 2 Libvncserver, Libvncserver | 2026-03-26 | 8.1 High |
| LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer. | ||||
| CVE-2024-51347 | 1 Lsc | 1 Smart Connect Indoor Ip Camera | 2026-03-26 | 7.2 High |
| A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function. | ||||
| CVE-2024-51348 | 1 Bs Producten | 1 Petcam | 2026-03-26 | 8.8 High |
| A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request. | ||||
| CVE-2023-43010 | 2 Apple, Redhat | 11 Ios And Ipados, Ipados, Iphone Os and 8 more | 2026-03-25 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2019-25625 | 1 Pixarra | 1 Blob Studio | 2026-03-25 | 6.2 Medium |
| Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive. | ||||
| CVE-2026-33281 | 1 Ellanetworks | 2 Core, Ella Core | 2026-03-25 | 6.5 Medium |
| Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling. | ||||
| CVE-2026-27171 | 1 Zlib | 1 Zlib | 2026-03-25 | 2.9 Low |
| zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | ||||
| CVE-2025-33242 | 1 Nvidia | 2 Dgx B300, Hgx B300 | 2026-03-25 | 5.9 Medium |
| NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering. | ||||
| CVE-2026-33554 | 1 Gnu | 1 Freeipmi | 2026-03-25 | 7.5 High |
| ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: "ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers," "ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers," and "ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers." | ||||
| CVE-2026-33298 | 1 Ggml | 1 Llama.cpp | 2026-03-25 | 7.8 High |
| llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix. | ||||
| CVE-2026-4673 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-25 | 8.8 High |
| Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4674 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-25 | 8.8 High |
| Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||