Export limit exceeded: 43643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43643 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25249 | 1 Fortinet | 3 Fortios, Fortisase, Fortiswitchmanager | 2026-02-26 | 7.4 High |
| A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets | ||||
| CVE-2025-47363 | 1 Qualcomm | 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more | 2026-02-26 | 6.8 Medium |
| Memory corruption when calculating oversized partition sizes without proper checks. | ||||
| CVE-2025-47364 | 1 Qualcomm | 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more | 2026-02-26 | 6.8 Medium |
| Memory corruption while calculating offset from partition start point. | ||||
| CVE-2025-47399 | 1 Qualcomm | 29 Cologne, Cologne Firmware, Fastconnect 7800 and 26 more | 2026-02-26 | 7.8 High |
| Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | ||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2026-02-26 | 9.8 Critical |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | ||||
| CVE-2023-6549 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2026-02-26 | 8.2 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read | ||||
| CVE-2025-37169 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-6448 | 1 Unitronics | 33 Samba 3.5, Samba 3.5 Firmware, Samba 4.3 and 30 more | 2026-02-26 | 9.8 Critical |
| Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | ||||
| CVE-2025-64157 | 1 Fortinet | 1 Fortios | 2026-02-26 | 6.7 Medium |
| A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. | ||||
| CVE-2023-33009 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2026-02-26 | 9.8 Critical |
| A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | ||||
| CVE-2023-27524 | 1 Apache | 1 Superset | 2026-02-26 | 8.9 High |
| Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable. | ||||
| CVE-2025-5917 | 2 Libarchive, Redhat | 4 Libarchive, Enterprise Linux, Openshift and 1 more | 2026-02-25 | 2.8 Low |
| A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0. | ||||
| CVE-2024-1062 | 2 Fedoraproject, Redhat | 16 Fedora, 389 Directory Server, Directory Server and 13 more | 2026-02-25 | 5.5 Medium |
| A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | ||||
| CVE-2024-45780 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-02-25 | 6.7 Medium |
| A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections. | ||||
| CVE-2020-37068 | 1 Konicaminolta | 1 Ftp Utility | 2026-02-25 | 9.8 Critical |
| Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code. | ||||
| CVE-2020-37069 | 1 Konicaminolta | 1 Ftp Utility | 2026-02-25 | 9.8 Critical |
| Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code. | ||||
| CVE-2025-36094 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-02-25 | 5.4 Medium |
| IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length. | ||||
| CVE-2023-6725 | 1 Redhat | 2 Openstack, Openstack Platform | 2026-02-25 | 5.5 Medium |
| An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. | ||||
| CVE-2023-6693 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Advanced Virtualization and 1 more | 2026-02-25 | 4.9 Medium |
| A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | ||||
| CVE-2023-46847 | 2 Redhat, Squid-cache | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2026-02-25 | 8.6 High |
| Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | ||||