Export limit exceeded: 363016 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45907 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9557 1 Zephyrproject-rtos 1 Zephyr 2026-04-15 7.6 High
‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a crash and a resultant denial of service.‬
CVE-2025-26386 1 Johnsoncontrols 1 Istar Configuration Utility 2026-04-15 N/A
Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.
CVE-2025-10217 1 Hitachienergy 1 Asset Suite 2026-04-15 N/A
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolving application performance related issues.
CVE-2024-47611 1 Tukaani 1 Xz 2026-04-15 5.3 Medium
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
CVE-2025-46599 1 K3s 1 K3s 2026-04-15 6.8 Medium
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.
CVE-2025-20327 1 Cisco 1 Ios 2026-04-15 7.7 High
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVE-2025-20311 1 Cisco 1 Ios Xe Software 2026-04-15 7.4 High
A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition.
CVE-2025-20149 1 Cisco 2 Ios, Ios Xe Software 2026-04-15 6.5 Medium
A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVE-2025-11961 1 Tcpdump 1 Libpcap 2026-04-15 1.9 Low
pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.
CVE-2024-48849 2026-04-15 9.4 Critical
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
CVE-2024-5178 2026-04-15 4.9 Medium
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVE-2023-7332 2026-04-15 N/A
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
CVE-2021-47854 1 Dd-wrt 1 Dd-wrt 2026-04-15 9.8 Critical
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.
CVE-2025-46333 2026-04-15 N/A
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`.
CVE-2021-47831 1 Sandboxie-plus 1 Sandboxie 2026-04-15 7.5 High
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
CVE-2025-7677 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 5.9 Medium
A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT.
CVE-2025-13158 1 Apidocjs 1 Apidoc-core 2026-04-15 N/A
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.
CVE-2024-36350 2026-04-15 5.6 Medium
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2021-47818 1 Dupterminator 1 Dupterminator 2026-04-15 7.5 High
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
CVE-2021-47821 1 Raimersoft 1 Rarmaradio 2026-04-15 7.5 High
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger application instability and potential crash.