Export limit exceeded: 14329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14329 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40688 | 1 Fortinet | 1 Fortiweb | 2026-04-20 | 6.7 Medium |
| An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. | ||||
| CVE-2019-25666 | 2 Nsasoft, Nsauditor | 2 Spotauditor, Spotauditor | 2026-04-20 | 6.2 Medium |
| SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition. | ||||
| CVE-2019-25667 | 1 Iarsn | 1 Taskinfo | 2026-04-20 | 6.2 Medium |
| TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition. | ||||
| CVE-2025-11709 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-20 | 9.8 Critical |
| A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | ||||
| CVE-2019-25679 | 2 Crun, Realterm | 2 Realterm, Realterm: Serial Terminal | 2026-04-20 | 7.8 High |
| RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked. | ||||
| CVE-2025-13021 | 1 Mozilla | 1 Firefox | 2026-04-20 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145. | ||||
| CVE-2025-13022 | 1 Mozilla | 1 Firefox | 2026-04-20 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145. | ||||
| CVE-2025-14332 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-20 | 7.3 High |
| Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146. | ||||
| CVE-2025-14333 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-20 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. | ||||
| CVE-2025-4918 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2026-04-20 | 9.8 Critical |
| An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. | ||||
| CVE-2025-4919 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2026-04-20 | 8.8 High |
| An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. | ||||
| CVE-2025-5269 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2026-04-20 | 8.1 High |
| Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11. | ||||
| CVE-2025-5272 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-20 | 7.3 High |
| Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and Thunderbird 139. | ||||
| CVE-2025-49709 | 1 Mozilla | 1 Firefox | 2026-04-20 | 9.8 Critical |
| Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4. | ||||
| CVE-2025-62550 | 1 Microsoft | 1 Azure Monitor Agent | 2026-04-20 | 8.8 High |
| Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-6507 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2026-04-20 | 7.5 High |
| A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS). | ||||
| CVE-2018-25252 | 2 Serv-u, Solarwinds | 2 Ftp Voyager, Ftp Voyager | 2026-04-20 | 6.2 Medium |
| FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process. | ||||
| CVE-2026-21485 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 8.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2. | ||||
| CVE-2026-0793 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-04-18 | 9.8 Critical |
| ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302. | ||||
| CVE-2026-21679 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 8.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2. | ||||