Search Results (345093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27628 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-04-16 | 7.5 High |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually. | ||||
| CVE-2026-27747 | 1 Spip | 2 Interface Traduction Objets, Spip | 2026-04-16 | 8.8 High |
| The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() without input validation or parameterization. An authenticated attacker with editor-level privileges can inject crafted SQL expressions into the id_parent parameter to manipulate the backend query. Successful exploitation can result in disclosure or modification of database contents and may lead to denial of service depending on the database configuration and privileges. | ||||
| CVE-2026-27746 | 1 Spip | 2 Jeux, Spip | 2026-04-16 | 6.1 Medium |
| The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages that render a jeux block. When a victim is induced to visit a crafted URL, the injected content is reflected into the response and executed in the victim's browser context. | ||||
| CVE-2026-27745 | 1 Spip | 2 Interface Traduction Objets, Spip | 2026-04-16 | 8.8 High |
| The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because fields prefixed with an underscore bypass protection mechanisms and the hidden content is rendered with filtering disabled, an authenticated attacker with editor-level privileges can inject crafted content that is evaluated through SPIP's template processing chain, resulting in execution of code in the context of the web server. | ||||
| CVE-2026-34519 | 2 Aio-libs, Aiohttp | 2 Aiohttp, Aiohttp | 2026-04-16 | 5.3 Medium |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. | ||||
| CVE-2026-34520 | 2 Aio-libs, Aiohttp | 2 Aiohttp, Aiohttp | 2026-04-16 | 9.1 Critical |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4. | ||||
| CVE-2026-34525 | 2 Aio-libs, Aiohttp | 2 Aiohttp, Aiohttp | 2026-04-16 | 5.3 Medium |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. | ||||
| CVE-2019-25602 | 1 Gsearch | 1 Gsearch | 2026-04-16 | 5.5 Medium |
| GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash. | ||||
| CVE-2019-25591 | 1 Nsasoft | 1 Nsauditor Dnss Domain Name Search Software | 2026-04-16 | 6.2 Medium |
| DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code containing 300 repeated characters into the Name/Key field via the Register menu option. | ||||
| CVE-2019-25592 | 1 Xlinesoft | 1 Phprunner | 2026-04-16 | 6.2 Medium |
| PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash. | ||||
| CVE-2019-25593 | 1 Jetaudio | 2 Jetaudio, Jetcast Server | 2026-04-16 | 5.5 Medium |
| jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process. | ||||
| CVE-2019-25594 | 1 Xlinesoft | 1 Phprunner | 2026-04-16 | 6.2 Medium |
| ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash. | ||||
| CVE-2019-25595 | 1 Jetaudio | 1 Jetaudio | 2026-04-16 | 6.2 Medium |
| jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally. | ||||
| CVE-2019-25599 | 1 Nsauditor | 1 Backup Key Recovery | 2026-04-16 | 6.2 Medium |
| Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form. | ||||
| CVE-2019-25600 | 1 Uvnc | 1 Ultravnc Viewer | 2026-04-16 | 6.5 Medium |
| UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer. | ||||
| CVE-2019-25601 | 1 Uvnc | 1 Ultravnc Launcher | 2026-04-16 | 6.2 Medium |
| UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition. | ||||
| CVE-2019-25604 | 1 Dvd-x-player | 1 Dvd X Player | 2026-04-16 | 8.4 High |
| DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges. | ||||
| CVE-2019-25606 | 1 Alloksoft | 1 Fast Avi Mpeg Joiner | 2026-04-16 | 5.5 Medium |
| Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked. | ||||
| CVE-2019-25590 | 1 Labf | 1 Axessh | 2026-04-16 | 6.2 Medium |
| Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection. | ||||
| CVE-2019-25598 | 1 Heidisql | 1 Heidisql Portable | 2026-04-16 | 6.2 Medium |
| HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash. | ||||