Total
3990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25289 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service. | |||||
| CVE-2018-25291 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened. | |||||
| CVE-2018-25264 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition. | |||||
| CVE-2018-25293 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings. | |||||
| CVE-2018-25294 | 2026-04-27 | N/A | 7.5 HIGH | ||
| CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition. | |||||
| CVE-2018-25275 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash. | |||||
| CVE-2018-25292 | 2026-04-27 | N/A | 6.2 MEDIUM | ||
| Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service. | |||||
| CVE-2018-25296 | 2026-04-27 | N/A | 5.5 MEDIUM | ||
| P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service. | |||||
| CVE-2018-25263 | 2026-04-27 | N/A | 8.4 HIGH | ||
| Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution. | |||||
| CVE-2026-33337 | 1 Firebirdsql | 1 Firebird | 2026-04-27 | N/A | 7.5 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-5566 | 2026-04-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2026-4862 | 2026-04-24 | 9.0 HIGH | 8.8 HIGH | ||
| A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2020-36120 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2008-0379 | 1 Businessobjects | 1 Crystal Reports Xi | 2026-04-23 | 9.3 HIGH | N/A |
| Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | |||||
| CVE-2008-3496 | 1 Linux | 1 Linux Kernel | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. | |||||
| CVE-2007-1770 | 1 Esri | 1 Arcsde | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. | |||||
| CVE-2008-3275 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2026-04-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. | |||||
| CVE-2007-2809 | 1 Opera | 1 Opera Browser | 2026-04-23 | 9.3 HIGH | N/A |
| Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | |||||
| CVE-2009-3023 | 1 Microsoft | 6 Internet Information Server, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | 9.0 HIGH | N/A |
| Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | |||||
| CVE-2009-0182 | 1 Vuplayer | 1 Vuplayer | 2026-04-23 | 9.3 HIGH | 8.8 HIGH |
| Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. | |||||