Export limit exceeded: 18028 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42757 | 2026-04-15 | 4.2 Medium | ||
| Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling. | ||||
| CVE-2023-49144 | 2026-04-15 | 6.7 Medium | ||
| Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-12803 | 2026-04-15 | 7.2 High | ||
| A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2024-38999 | 1 Jrburke | 1 Requirejs | 2026-04-15 | 10 Critical |
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-1275 | 2026-04-15 | N/A | ||
| Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52. | ||||
| CVE-2024-39207 | 2026-04-15 | 8.2 High | ||
| lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. | ||||
| CVE-2024-39697 | 2026-04-15 | 8.6 High | ||
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. | ||||
| CVE-2024-46993 | 1 Electron | 1 Electron | 2026-04-15 | N/A |
| Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents. This issue has been patched in versions 28.3.2, 29.3.3, and 30.0.3. There are no workarounds for this issue. | ||||
| CVE-2024-39766 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 7 High |
| Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-46566 | 1 Msoulier | 1 Tftpy | 2026-04-15 | 7.5 High |
| Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. | ||||
| CVE-2024-24451 | 2026-04-15 | 7.5 High | ||
| A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface. | ||||
| CVE-2024-35532 | 2026-04-15 | 9.1 Critical | ||
| An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2023-46272 | 2026-04-15 | 8.8 High | ||
| Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service | ||||
| CVE-2024-41631 | 1 Host-host Neuq Board | 1 Host-host Neuq Board | 2026-04-15 | 7.5 High |
| Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. | ||||
| CVE-2024-4162 | 2026-04-15 | 4.4 Medium | ||
| A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. | ||||
| CVE-2025-56647 | 1 Farm-fe | 1 Core | 2026-04-15 | 6.5 Medium |
| npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leaked by the WebSocket server. | ||||
| CVE-2024-12212 | 2026-04-15 | 7.8 High | ||
| The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code. | ||||
| CVE-2026-40386 | 1 Libexif Project | 1 Libexif | 2026-04-14 | 4 Medium |
| In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. | ||||
| CVE-2026-40385 | 1 Libexif Project | 1 Libexif | 2026-04-14 | 4 Medium |
| In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | ||||
| CVE-2026-34353 | 1 Ocaml | 1 Ocaml | 2026-04-14 | 5.9 Medium |
| In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed. | ||||