Export limit exceeded: 45903 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45903 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-04-15 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||
| CVE-2019-25437 | 1 Foscam | 1 Foscam Video Management System | 2026-04-15 | 6.2 Medium |
| Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked. | ||||
| CVE-2020-37074 | 1 Lizardsystems | 1 Remote Desktop Audit | 2026-04-15 | 9.8 Critical |
| Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists. | ||||
| CVE-2020-37070 | 1 Cloudme | 1 Cloudme | 2026-04-15 | 9.8 Critical |
| CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution. | ||||
| CVE-2020-37189 | 1 Digitalvolcano Software | 1 Taskcanvas | 2026-04-15 | 7.5 High |
| TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. | ||||
| CVE-2020-37193 | 2 Krylack, Top Password Software | 2 Zip Password Recovery, Zip Password Recovery | 2026-04-15 | 7.5 High |
| ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file. | ||||
| CVE-2020-37128 | 1 Emtec | 1 Zoc Terminal | 2026-04-15 | 6.2 Medium |
| ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service. | ||||
| CVE-2024-56826 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.6 Medium |
| A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | ||||
| CVE-2019-25327 | 2 Mersenne, Mersenne Research, Inc | 2 Prime95, Prime95 | 2026-04-15 | 9.8 Critical |
| Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110. | ||||
| CVE-2020-37127 | 1 Dnsmasq | 1 Dnsmasq | 2026-04-15 | 5.5 Medium |
| Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters. | ||||
| CVE-2020-26310 | 1 Blowsie | 1 Pure Javascript Html5 Parser | 2026-04-15 | N/A |
| Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. | ||||
| CVE-2020-37126 | 1 Drive Software Company | 1 Free Desktop Clock | 2026-04-15 | 9.8 Critical |
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. | ||||
| CVE-2020-26312 | 2026-04-15 | 8.1 High | ||
| Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. The routine `untarFile` attempts to guard against creating symbolic links that point outside the directory a tar archive is extracted to. However, a malicious tarball first linking `subdir/parent` to `..` (allowed, because `subdir/..` falls within the archive root) and then linking `subdir/parent/escapes` to `..` results in a symbolic link pointing to the tarball’s parent directory, contrary to the routine’s goals. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files the parent process has permissions to read. As of time of publication, no patch for this issue is available. | ||||
| CVE-2020-37122 | 1 Nsauditor | 1 Ftp Password Recover | 2026-04-15 | 7.5 High |
| SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash. | ||||
| CVE-2020-37182 | 1 Troglobit | 1 Redir | 2026-04-15 | 7.5 High |
| Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination. | ||||
| CVE-2024-53589 | 1 Gnu | 1 Binutils | 2026-04-15 | 8.4 High |
| GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. | ||||
| CVE-2020-37183 | 1 Allok Soft | 1 Allok Rm Rmvb To Avi Mpeg Dvd Converter | 2026-04-15 | 9.8 Critical |
| Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe. | ||||
| CVE-2020-37184 | 1 Allok Soft | 1 Allok Video Converter | 2026-04-15 | 9.8 Critical |
| Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field. | ||||
| CVE-2020-37138 | 1 10-strike | 1 Network Inventory Explorer | 2026-04-15 | 9.8 Critical |
| 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain. | ||||
| CVE-2025-1863 | 2026-04-15 | 9.8 Critical | ||
| Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions. | ||||