Export limit exceeded: 22056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22056 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20794 | 1 Intel | 1 Data Center Graphics Driver For Vmware Esxi Software | 2026-05-13 | N/A |
| Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts. | ||||
| CVE-2026-40362 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-05-13 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-34687 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-05-13 | 7.8 High |
| Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-44412 | 1 Siemens | 1 Solid Edge Se2026 | 2026-05-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-28929 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-05-12 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode. | ||||
| CVE-2026-43134 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 8.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE. | ||||
| CVE-2023-7340 | 1 Wazuh | 1 Wazuh | 2026-05-12 | 3.5 Low |
| Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon. | ||||
| CVE-2023-53886 | 1 Xlightftpd | 1 Xlight Ftp Server | 2026-05-12 | 7.5 High |
| Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition. | ||||
| CVE-2023-53879 | 1 Eyemaxsystems | 1 Nvclient | 2026-05-12 | 5.5 Medium |
| NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition. | ||||
| CVE-2020-37013 | 1 Tucows | 1 Audio Playback Recorder | 2026-05-12 | 8.4 High |
| Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields. | ||||
| CVE-2020-37010 | 1 Bearshare | 1 Bearshare Lite | 2026-05-12 | 9.8 Critical |
| BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field. | ||||
| CVE-2020-37001 | 2 Frigate, Frigate3 | 2 Frigate, Frigate Professional | 2026-05-12 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload. | ||||
| CVE-2020-37000 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2026-05-12 | 9.8 Critical |
| Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems. | ||||
| CVE-2020-36997 | 1 Dummysoftware | 1 Backlinkspeed | 2026-05-12 | 9.8 Critical |
| BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application. | ||||
| CVE-2020-36995 | 1 Telnet-lite | 1 Mocha Telnet Lite | 2026-05-12 | 7.5 High |
| Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality. | ||||
| CVE-2020-36994 | 2 Qlik, Qliktech International | 2 Qlikview, Qlikview | 2026-05-12 | 6.2 Medium |
| QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. | ||||
| CVE-2025-65085 | 1 Ashlar | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-12 | 9.8 Critical |
| A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code. | ||||
| CVE-2026-6356 | 1 Augmentt | 1 Augmentt | 2026-05-12 | 9.6 Critical |
| A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information. | ||||
| CVE-2026-43176 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 ("wifi: rtw89: pci: validate sequence number of TX release report") does validation on existing chips, which somehow a release report of SKB becomes malformed. As no clear cause found, add rules ahead for RTL8922DE to avoid crash if it happens. | ||||
| CVE-2026-35157 | 1 Dell | 3 Ecs, Elastic Cloud Storage, Objectscale | 2026-05-12 | 5.8 Medium |
| Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. | ||||