Export limit exceeded: 361547 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361547 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45724 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59820 | 1 Kde | 1 Krita | 2026-04-15 | 6.7 Medium |
| In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative. | ||||
| CVE-2024-48290 | 1 Realtek | 1 Rtl8762ekf-evb Firmware | 2026-04-15 | 4.3 Medium |
| An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet. | ||||
| CVE-2025-26386 | 1 Johnsoncontrols | 1 Istar Configuration Utility | 2026-04-15 | N/A |
| Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool. | ||||
| CVE-2024-48970 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2026-04-15 | 9.3 Critical |
| The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. | ||||
| CVE-2021-47707 | 1 Commax | 1 Cvd-axx Dvr | 2026-04-15 | N/A |
| COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel. | ||||
| CVE-2023-52971 | 1 Mariadb | 1 Mariadb | 2026-04-15 | 4.9 Medium |
| MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. | ||||
| CVE-2024-47887 | 1 Rubyonrails | 1 Rails | 2026-04-15 | 3.7 Low |
| Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. | ||||
| CVE-2025-7698 | 2 Canon, Canon Inc. | 10 Generic Plus Lips4 Printer Driver, Generic Plus Lipslx Printer Driver, Generic Plus Pcl6 Printer Driver and 7 more | 2026-04-15 | 5.9 Medium |
| Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | ||||
| CVE-2024-12803 | 2026-04-15 | 7.2 High | ||
| A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2024-12805 | 2026-04-15 | 7.2 High | ||
| A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2025-8808 | 1 Tianti Project | 1 Tianti | 2026-04-15 | 4.3 Medium |
| A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6198 | 2026-04-15 | N/A | ||
| The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem. | ||||
| CVE-2024-40765 | 2026-04-15 | 9.8 Critical | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2025-26278 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2023-48267 | 2026-04-15 | 7.9 High | ||
| Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-47818 | 1 Dupterminator | 1 Dupterminator | 2026-04-15 | 7.5 High |
| DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. | ||||
| CVE-2025-57424 | 1 Hbi | 1 Mycourts | 2026-04-15 | 7.3 High |
| A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the HttpOnly flag on the session cookie, this flaw could be exploited to capture session tokens and hijack user sessions, enabling elevated access. | ||||
| CVE-2025-13084 | 1 Opto 22 | 3 Groov View Server, Grv-epic-pr1 Firmware, Grv-epic-pr2 Firmware | 2026-04-15 | 7.6 High |
| The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators. | ||||
| CVE-2025-35970 | 2026-04-15 | 7.5 High | ||
| On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege. | ||||
| CVE-2024-11217 | 1 Redhat | 1 Openshift | 2026-04-15 | 4.9 Medium |
| A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options. | ||||