Export limit exceeded: 45863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-61690 1 Keyence 1 Kv Studio 2026-04-15 7.8 High
KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
CVE-2025-30221 2026-04-15 N/A
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.
CVE-2025-67749 1 Pcsx2 1 Pcsx2 2026-04-15 N/A
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.
CVE-2025-2401 2026-04-15 N/A
Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.
CVE-2025-30089 2026-04-15 5.4 Medium
gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.
CVE-2025-61773 1 Pyload 1 Pyload 2026-04-15 8.1 High
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
CVE-2025-29069 2026-04-15 7.3 High
A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms.
CVE-2025-23050 1 Qt 1 Qt 2026-04-15 3.1 Low
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.
CVE-2024-8201 1 Hitachi 1 Ops Center Analyzer 2026-04-15 5.4 Medium
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
CVE-2025-27597 1 Intlify 1 Vue-i18n 2026-04-15 N/A
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.
CVE-2025-62291 1 Strongswan 1 Strongswan 2026-04-15 8.1 High
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
CVE-2024-36251 1 Sharp 22 Bp-b537wr, Bp-b540wr, Bp-b547wd and 19 more 2026-04-15 7.5 High
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2025-30077 2026-04-15 6.2 Medium
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.
CVE-2024-36254 1 Sharp 49 Bp-30c25, Bp-30c25t, Bp-30c25y and 46 more 2026-04-15 7.5 High
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
CVE-2025-27109 2026-04-15 7.3 High
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-62374 2026-04-15 6.4 Medium
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.
CVE-2025-24528 2 Mit, Redhat 5 Kerberos 5, Discovery, Enterprise Linux and 2 more 2026-04-15 7.1 High
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
CVE-2024-37877 1 Ueranism 1 Ueranism 2026-04-15 5.5 Medium
UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in src/lib/rls/rls_pdu.cpp
CVE-2024-8125 2026-04-15 N/A
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.
CVE-2024-8067 1 Perforce 1 Helix Core 2026-04-15 N/A
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.