Total
1694 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54949 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be | |||||
| CVE-2024-43168 | 2026-04-15 | N/A | 4.8 MEDIUM | ||
| DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. | |||||
| CVE-2023-5400 | 2026-04-15 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2025-23123 | 2026-04-15 | N/A | 10.0 CRITICAL | ||
| A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware. | |||||
| CVE-2025-0662 | 2026-04-15 | N/A | 4.9 MEDIUM | ||
| In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace. | |||||
| CVE-2025-14905 | 2026-04-15 | N/A | 7.2 HIGH | ||
| A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE). | |||||
| CVE-2025-3512 | 2026-04-15 | N/A | N/A | ||
| There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later. | |||||
| CVE-2024-38796 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |||||
| CVE-2025-40929 | 2026-04-15 | N/A | 5.6 MEDIUM | ||
| Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | |||||
| CVE-2026-23750 | 2026-04-15 | N/A | 8.1 HIGH | ||
| Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption. | |||||
| CVE-2025-0633 | 2026-04-15 | N/A | N/A | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | |||||
| CVE-2025-29069 | 2026-04-15 | N/A | 7.3 HIGH | ||
| A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms. | |||||
| CVE-2024-10204 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. | |||||
| CVE-2024-56826 | 2026-04-15 | N/A | 5.6 MEDIUM | ||
| A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | |||||
| CVE-2023-5404 | 2026-04-15 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2024-25262 | 2026-04-15 | N/A | 8.1 HIGH | ||
| texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file. | |||||
| CVE-2025-55286 | 2026-04-15 | N/A | N/A | ||
| z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing (SSAA) method. Under certain circumstances where the path being drawn existed in whole or partly outside of the rendering surface, incorrect bounding could cause out-of-bounds access within the coverage buffer. This affects the higher-level drawing operations, such as Context.fill, Context.stroke, painter.fill, and painter.stroke, when either the .default or .multisample_4x anti-aliasing modes were used. .supersample_4x was not affected, nor was drawing without anti-aliasing. In non-safe optimization modes (consumers compiling with ReleaseFast or ReleaseSmall), this could potentially lead to invalid memory accesses or corruption. z2d v0.7.1 fixes this issue, and it's recommended to upgrade to v0.7.1, or, given the small period of time v0.7.0 has been released, use v0.7.1 immediately, skipping v0.7.0. | |||||
| CVE-2025-40930 | 2026-04-15 | N/A | 7.5 HIGH | ||
| JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. | |||||
| CVE-2024-51737 | 2026-04-15 | N/A | 7.0 HIGH | ||
| RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | |||||
| CVE-2024-40754 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. | |||||