Export limit exceeded: 362833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45905 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50821 | 1 Siemens | 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime Professional | 2026-04-15 | 6.2 Medium |
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | ||||
| CVE-2024-9448 | 1 Arista | 1 Eos | 2026-04-15 | 7.5 High |
| On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations. | ||||
| CVE-2023-50734 | 2026-04-15 | 9 Critical | ||
| A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2025-0325 | 2026-04-15 | 4.3 Medium | ||
| A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device. | ||||
| CVE-2023-50736 | 2026-04-15 | 9 Critical | ||
| A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2023-50434 | 2026-04-15 | 9.8 Critical | ||
| emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected. | ||||
| CVE-2025-55051 | 2026-04-15 | 10 Critical | ||
| CWE-1392: Use of Default Credentials | ||||
| CVE-2025-55050 | 2026-04-15 | 9.8 Critical | ||
| CWE-1242: Inclusion of Undocumented Features | ||||
| CVE-2025-0425 | 2026-04-15 | N/A | ||
| Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed. | ||||
| CVE-2024-50944 | 1 Simplcommerce | 1 Simplcommerce | 2026-04-15 | 9.8 Critical |
| Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. | ||||
| CVE-2024-8772 | 2026-04-15 | 4.3 Medium | ||
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-49618 | 2026-04-15 | 7.5 High | ||
| Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-5484 | 2026-04-15 | 8.3 High | ||
| A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. | ||||
| CVE-2023-48906 | 2026-04-15 | 4.3 Medium | ||
| Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function. | ||||
| CVE-2025-4207 | 1 Postgresql | 1 Postgresql | 2026-04-15 | 5.9 Medium |
| Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. | ||||
| CVE-2025-41729 | 2026-04-15 | 7.5 High | ||
| An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. | ||||
| CVE-2025-41728 | 1 Beckhoff | 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more | 2026-04-15 | 5.3 Medium |
| A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response. | ||||
| CVE-2025-41726 | 1 Beckhoff | 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more | 2026-04-15 | 8.8 High |
| A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. | ||||
| CVE-2025-41426 | 2026-04-15 | 9.8 Critical | ||
| Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device. | ||||
| CVE-2025-41418 | 2026-04-15 | 5.3 Medium | ||
| Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request. | ||||