Search Results (4685 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36940 1 Tucows 1 Easy Cd & Dvd Cover Creator 2026-04-15 9.8 Critical
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
CVE-2024-42011 1 Spotify 1 Spotify App 2026-04-15 7.5 High
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.
CVE-2021-47813 1 Nsauditor 1 Backup Key Recovery 2026-04-15 7.5 High
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash.
CVE-2024-1969 2026-04-15 8.2 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.
CVE-2024-45746 1 Trustedfirmware 1 Trusted Firmware-m 2026-04-15 9.8 Critical
An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE).
CVE-2024-57392 2026-04-15 5.3 Medium
Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.
CVE-2024-30165 1 Amazon 1 Aws Client Vpn 2026-04-15 7.1 High
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.
CVE-2024-30164 3 Apple, Codesys, Microsoft 3 Macos, Linux, Windows 2026-04-15 6.7 Medium
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.
CVE-2024-46215 1 Mercury 1 Km08-708h Firmware 2026-04-15 6.5 Medium
A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.
CVE-2025-25529 2026-04-15 5.1 Medium
Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2020-37109 1 Asc 1 Timetables 2026-04-15 7.5 High
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability.
CVE-2024-48806 2026-04-15 6.8 Medium
Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field
CVE-2025-14196 1 H3c 1 Magic B1 2026-04-15 8.8 High
A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-57275 1 Spdk 1 Storage Performance Development Kit 2026-04-15 5.5 Medium
Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf.
CVE-2020-37202 1 Nsasoft 1 Nsauditor Networksleuth 2026-04-15 7.5 High
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
CVE-2020-37155 1 Core Ftp 1 Core Ftp Lite 2026-04-15 7.5 High
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
CVE-2024-25076 2026-04-15 6.8 Medium
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.
CVE-2025-41707 1 Phoenix Contact 4 Quint4-ups/24dc/24dc/10/eip, Quint4-ups/24dc/24dc/20/eip, Quint4-ups/24dc/24dc/40/eip and 1 more 2026-04-15 5.3 Medium
The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.
CVE-2025-14310 1 Rethinkdb 1 Rethinkdb 2026-04-15 N/A
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.
CVE-2010-10016 1 Bsplayer 1 Bs.player 2026-04-15 N/A
BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.