Export limit exceeded: 347282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25605 | 1 Play | 1 Equitypandit | 2026-04-15 | 7.5 High |
| EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials. | ||||
| CVE-2019-25465 | 1 Hisilicon | 1 Hiipcam | 2026-04-15 | 7.5 High |
| Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings. | ||||
| CVE-2026-31988 | 1 Thejoshwolfe | 1 Yauzl | 2026-04-15 | 5.3 Medium |
| yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1. | ||||
| CVE-2019-25487 | 1 Sapido | 1 Rb-1732 | 2026-04-15 | 9.8 Critical |
| SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges. | ||||
| CVE-2019-25485 | 1 R-project | 1 R | 2026-04-15 | 6.2 Medium |
| R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges. | ||||
| CVE-2019-25484 | 1 Winmpg | 1 Winmpg Ipod Convert | 2026-04-15 | 6.2 Medium |
| WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition. | ||||
| CVE-2019-25480 | 1 Armbot | 1 Armbot | 2026-04-15 | 7.5 High |
| ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution. | ||||
| CVE-2019-25478 | 1 Getgosoft | 1 Getgo Download Manager | 2026-04-15 | 7.5 High |
| GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable. | ||||
| CVE-2019-25477 | 1 Top Password Software | 1 Rar Password Recovery | 2026-04-15 | 6.2 Medium |
| RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash. | ||||
| CVE-2019-25476 | 1 Top Password Software | 1 Outlook Password Recovery | 2026-04-15 | 6.2 Medium |
| Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition. | ||||
| CVE-2019-25474 | 1 Easy Mp3 Downloader | 1 Easy Mp3 Downloader | 2026-04-15 | 6.2 Medium |
| Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition. | ||||
| CVE-2019-25469 | 1 Newsoftwares | 1 Folder Lock | 2026-04-15 | 6.2 Medium |
| Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition. | ||||
| CVE-2019-25467 | 1 Verypdf | 1 Docprint Pro | 2026-04-15 | 8.4 High |
| Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption. | ||||
| CVE-2019-25466 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2026-04-15 | 8.4 High |
| Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account. | ||||
| CVE-2019-25464 | 1 Dsd Consulting Services | 1 Inputmapper | 2026-04-15 | 5.5 Medium |
| InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash. | ||||
| CVE-2016-20025 | 1 Zkteco | 1 Zkaccess Professional | 2026-04-15 | 8.8 High |
| ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation. | ||||
| CVE-2016-20026 | 1 Zkteco | 1 Zkbiosecurity | 2026-04-15 | 9.8 Critical |
| ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges. | ||||
| CVE-2016-20027 | 1 Zkteco | 1 Zkbiosecurity | 2026-04-15 | 6.1 Medium |
| ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnerable parameters to execute scripts in a user's browser session within the context of the affected application. | ||||
| CVE-2016-20028 | 1 Zkteco | 1 Zkbiosecurity | 2026-04-15 | 4.3 Medium |
| ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthorized administrative access when authenticated users visit attacker-controlled pages. | ||||
| CVE-2016-20032 | 1 Zkteco | 1 Zkaccess Security System | 2026-04-15 | 7.2 High |
| ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information. | ||||