Export limit exceeded: 362495 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45865 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36965 | 1 Verypdf | 1 Docprint Pro | 2026-04-15 | 8.4 High |
| docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access. | ||||
| CVE-2020-37127 | 1 Dnsmasq | 1 Dnsmasq | 2026-04-15 | 5.5 Medium |
| Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters. | ||||
| CVE-2020-37124 | 1 4mhz | 1 B64dec | 2026-04-15 | 9.8 Critical |
| B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process. | ||||
| CVE-2020-37066 | 1 Goldwave | 1 Goldwave | 2026-04-15 | 9.8 Critical |
| GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened. | ||||
| CVE-2020-37065 | 1 Streamripper | 1 Streamripper | 2026-04-15 | 9.8 Critical |
| StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the application. | ||||
| CVE-2025-6490 | 2026-04-15 | 3.3 Low | ||
| A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release. | ||||
| CVE-2024-28326 | 1 Asus | 1 Rt-n12\+ B1 Firmware | 2026-04-15 | 6.8 Medium |
| Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. | ||||
| CVE-2024-35333 | 2026-04-15 | 8.4 High | ||
| A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. | ||||
| CVE-2024-35371 | 1 Ant-media | 1 Ant-media-server | 2026-04-15 | 7.5 High |
| Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions. | ||||
| CVE-2024-0145 | 2026-04-15 | 6.8 Medium | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2024-0144 | 2026-04-15 | 6.8 Medium | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2024-0120 | 1 Nvidia | 3 Cloud Gaming Guest, Gpu Display Driver, Virtual Gpu | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0117 | 1 Nvidia | 3 Cloud Gaming Guest, Gpu Display Driver, Virtual Gpu | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0114 | 2026-04-15 | 8.1 High | ||
| NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-46583 | 1 Zte | 1 Mc889a | 2026-04-15 | 5.3 Medium |
| There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack. | ||||
| CVE-2025-15506 | 2026-04-15 | 3.3 Low | ||
| A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone. | ||||
| CVE-2022-4969 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312. | ||||
| CVE-2025-4657 | 2026-04-15 | 6.7 Medium | ||
| A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2025-11279 | 1 Axosoft | 1 Scrum And Bug Tracking | 2026-04-15 | 5.5 Medium |
| A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11573 | 1 Amazon | 1 Ion | 2026-04-15 | 7.5 High |
| An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates. | ||||