Export limit exceeded: 20171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43479 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9962 | 1 Novakon | 1 P Series | 2026-04-15 | N/A |
| A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2024-1441 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2026-04-15 | 5.5 Medium |
| An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. | ||||
| CVE-2024-36336 | 2026-04-15 | 7.9 High | ||
| Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. | ||||
| CVE-2024-36354 | 1 Amd | 11 Athlon, Athlon 3000, Epyc and 8 more | 2026-04-15 | 7.5 High |
| Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level. | ||||
| CVE-2025-7921 | 2026-04-15 | 9.8 Critical | ||
| Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code. | ||||
| CVE-2024-36533 | 1 Volcano | 1 Volcano | 2026-04-15 | 9.8 Critical |
| Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-5178 | 2026-04-15 | 4.9 Medium | ||
| ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | ||||
| CVE-2024-36583 | 1 Byondreal | 1 Accessor | 2026-04-15 | 8.1 High |
| A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | ||||
| CVE-2024-37571 | 2026-04-15 | 4.3 Medium | ||
| Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter. | ||||
| CVE-2013-10064 | 1 Actfax | 1 Actfax | 2026-04-15 | N/A |
| A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication. | ||||
| CVE-2022-38696 | 2026-04-15 | 9.8 Critical | ||
| In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges. | ||||
| CVE-2024-3911 | 2026-04-15 | 6.5 Medium | ||
| An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. | ||||
| CVE-2024-39129 | 2026-04-15 | 5.3 Medium | ||
| Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp. | ||||
| CVE-2025-22920 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 5.3 Medium |
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | ||||
| CVE-2024-56433 | 1 Shadow-maint | 1 Shadow-utils | 2026-04-15 | 3.6 Low |
| shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | ||||
| CVE-2025-40912 | 2026-04-15 | 9.8 Critical | ||
| CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362. | ||||
| CVE-2024-39249 | 1 Redhat | 4 Advanced Cluster Security, Openshift Data Foundation, Rhdh and 1 more | 2026-04-15 | 7.5 High |
| Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input. | ||||
| CVE-2025-48964 | 1 Iputils | 1 Iputils | 2026-04-15 | 6.5 Medium |
| ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero). | ||||
| CVE-2025-34108 | 2026-04-15 | N/A | ||
| A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2025-65102 | 1 Pjsip | 1 Pjsip | 2026-04-15 | N/A |
| PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16. | ||||