Search Results (4685 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0146 2026-04-15 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.
CVE-2024-6350 2026-04-15 6.5 Medium
A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically.
CVE-2024-41660 1 Openbmc-project 1 Slpd-lite 2026-04-15 9.8 Critical
slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.
CVE-2020-37215 2 Password-solutions, Top Password Software 2 Office Password Recovery, Msn Password Recovery 2026-04-15 7.5 High
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.
CVE-2025-55131 1 Nodejs 1 Nodejs 2026-04-15 7.1 High
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.
CVE-2025-14310 1 Rethinkdb 1 Rethinkdb 2026-04-15 N/A
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.
CVE-2025-7945 2026-04-15 8.8 High
A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2015-10123 1 Wago 10 750-352 Firmware, 750-829 Firmware, 750-831 Firmware and 7 more 2026-04-15 8.8 High
An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.
CVE-2025-8760 2026-04-15 9.8 Critical
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
CVE-2024-3871 2026-04-15 9.8 Critical
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.
CVE-2022-50922 1 Litexmedia 1 Audio Conversion Wizard 2026-04-15 9.8 Critical
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code execution through a carefully constructed input buffer.
CVE-2024-46215 1 Mercury 1 Km08-708h Firmware 2026-04-15 6.5 Medium
A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.
CVE-2025-29476 2026-04-15 5.5 Medium
Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de627157208e49bfef6987 in c-blosc2 v.2.17.0 and before.
CVE-2025-14911 1 Mongodb 1 C Driver 2026-04-15 6.5 Medium
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
CVE-2024-42011 1 Spotify 1 Spotify App 2026-04-15 7.5 High
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.
CVE-2024-41631 1 Host-host Neuq Board 1 Host-host Neuq Board 2026-04-15 7.5 High
Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component.
CVE-2024-47864 2026-04-15 N/A
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
CVE-2025-3194 2026-04-15 7.5 High
Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.
CVE-2024-37305 1 Open Quantum Safe 1 Oqs Provider 2026-04-15 8.2 High
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.
CVE-2024-30165 1 Amazon 1 Aws Client Vpn 2026-04-15 7.1 High
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.