Total
3857 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50956 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message. | |||||
| CVE-2024-57513 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4. | |||||
| CVE-2024-44866 | 2026-04-15 | N/A | 6.8 MEDIUM | ||
| A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file. | |||||
| CVE-2025-14911 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. | |||||
| CVE-2024-7849 | 2026-04-15 | 9.0 HIGH | 8.8 HIGH | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2021-47813 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash. | |||||
| CVE-2025-9557 | 2026-04-15 | N/A | 7.6 HIGH | ||
| An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service. | |||||
| CVE-2025-31700 | 2026-04-15 | N/A | 8.1 HIGH | ||
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | |||||
| CVE-2022-32504 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. This affects Nuki Smart Lock 3.0 before 3.3.5 and 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | |||||
| CVE-2025-20222 | 2026-04-15 | N/A | 8.6 HIGH | ||
| A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device. A successful exploit could allow the attacker to trigger a reload of the device, resulting in a DoS condition. | |||||
| CVE-2024-23079 | 2026-04-15 | N/A | 6.2 MEDIUM | ||
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2025-55131 | 2026-04-15 | N/A | 7.1 HIGH | ||
| A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact. | |||||
| CVE-2024-46215 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | |||||
| CVE-2020-37040 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe. | |||||
| CVE-2024-57510 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. | |||||
| CVE-2020-37042 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept. | |||||
| CVE-2020-37036 | 2026-04-15 | N/A | 8.4 HIGH | ||
| RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe. | |||||
| CVE-2024-53319 | 2026-04-15 | N/A | 7.5 HIGH | ||
| A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters. | |||||
| CVE-2025-25529 | 2026-04-15 | N/A | 5.1 MEDIUM | ||
| Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
| CVE-2024-6350 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. | |||||