Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45903 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21539 | 1 Eslint | 1 Rewrite | 2026-04-15 | 7.5 High |
| Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | ||||
| CVE-2023-45733 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 2.8 Low |
| Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | ||||
| CVE-2022-29974 | 2026-04-15 | 4.3 Medium | ||
| AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | ||||
| CVE-2024-37861 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2026-04-15 | 9.8 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | ||||
| CVE-2024-41995 | 1 Ricoh Company Ltd | 1 Javatm Platform | 2026-04-15 | 7.5 High |
| Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor. | ||||
| CVE-2020-36971 | 1 Nidesoft | 1 3gp Video Converter | 2026-04-15 | 8.4 High |
| Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system. | ||||
| CVE-2020-37159 | 1 Parallaxis | 1 Cuckoo Clock | 2026-04-15 | 9.8 Critical |
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. | ||||
| CVE-2020-26310 | 1 Blowsie | 1 Pure Javascript Html5 Parser | 2026-04-15 | N/A |
| Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. | ||||
| CVE-2020-37155 | 1 Core Ftp | 1 Core Ftp Lite | 2026-04-15 | 7.5 High |
| Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction. | ||||
| CVE-2008-20001 | 1 Activepdf | 1 Webgrabber | 2026-04-15 | N/A |
| activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings. | ||||
| CVE-2020-37042 | 3 Frigate, Frigate3, Winfrigate | 3 Frigate, Frigate Professional, Frigate 3 | 2026-04-15 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept. | ||||
| CVE-2020-37043 | 2 10-strike, Nsasoft | 2 Bandwidth Monitor, Network Bandwidth Monitor | 2026-04-15 | 9.8 Critical |
| 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands. | ||||
| CVE-2024-52798 | 2 Pillarjs, Redhat | 8 Path-to-regexp, Apache Camel Hawtio, Discovery and 5 more | 2026-04-15 | 5.3 Medium |
| path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. | ||||
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-04-15 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||
| CVE-2019-25332 | 1 Internet-soft | 1 Ftp Commander Pro | 2026-04-15 | 8.4 High |
| FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential. | ||||
| CVE-2020-37198 | 1 Digitalvolcano | 1 Duplicate Cleaner | 2026-04-15 | 7.5 High |
| Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash. | ||||
| CVE-2015-20111 | 1 Bitcoin | 1 Bitcoin Core | 2026-04-15 | 9.8 Critical |
| miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. | ||||
| CVE-2021-26377 | 1 Amd | 11 Athlon, Athlon 3000, Radeon Instinct Mi25 and 8 more | 2026-04-15 | 4.1 Medium |
| Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. | ||||
| CVE-2020-37202 | 1 Nsasoft | 1 Nsauditor Networksleuth | 2026-04-15 | 7.5 High |
| NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | ||||
| CVE-2020-37095 | 1 Cyberoam | 2 Authentication Client, Cyberoamos | 2026-04-15 | 9.8 Critical |
| Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access. | ||||