Export limit exceeded: 21132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3887 3 Debian, Gstreamer, Redhat 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more 2026-03-17 8.8 High
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
CVE-2023-44429 2 Gstreamer, Redhat 3 Gstreamer, Enterprise Linux, Rhel Eus 2026-03-17 8.8 High
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.
CVE-2023-37329 1 Gstreamer 1 Gstreamer 2026-03-17 8.8 High
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.
CVE-2025-6663 1 Gstreamer 1 Gstreamer 2026-03-17 N/A
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381.
CVE-2022-2122 3 Debian, Gstreamer, Redhat 3 Debian Linux, Gstreamer, Enterprise Linux 2026-03-17 7.8 High
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
CVE-2025-27535 1 Intel 3 Ethernet Connection E825-c, Ethernet Connection E825-c., Ethernet Controller 2026-03-17 5.3 Medium
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-27243 1 Intel 13 Ethernet Controller, Ethernet Controller E810, Ethernet Network Adapter E810-2cqda2 and 10 more 2026-03-17 6 Medium
Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-70039 1 Linagora 1 Twake 2026-03-13 9.8 Critical
An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223.
CVE-2025-54820 1 Fortinet 1 Fortimanager 2026-03-12 7 High
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
CVE-2025-66178 1 Fortinet 1 Fortiweb 2026-03-12 6.7 Medium
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
CVE-2025-36920 1 Google 1 Android 2026-03-12 8.4 High
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-41766 2 Mbs, Mbs-solutions 7 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 4 more 2026-03-11 8.8 High
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVE-2025-65791 1 Zoneminder 1 Zoneminder 2026-03-11 9.8 Critical
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.
CVE-2023-47104 2 Linux, Vareille 2 Linux Kernel, Tinyfiledialogs 2026-03-10 9.8 Critical
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
CVE-2025-70241 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
CVE-2025-70240 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
CVE-2025-70239 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
CVE-2025-70237 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
CVE-2025-70234 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
CVE-2024-55021 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-09 7.5 High
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.