Total: 36 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-42944 | 1 Nlnetlabs | 1 Unbound | 2026-05-20 | N/A | 7.5 HIGH |
| NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation. | |||||
| CVE-2026-42371 | 1 Uriparser Project | 1 Uriparser | 2026-05-18 | N/A | 5.1 MEDIUM |
| uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | |||||
| CVE-2026-40380 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 6.2 MEDIUM |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||||
| CVE-2026-44927 | 1 Uriparser Project | 1 Uriparser | 2026-05-12 | N/A | 2.9 LOW |
| In uriparser before 1.0.2, there is pointer difference truncation to int in various places. | |||||
| CVE-2025-6965 | 1 Sqlite | 1 Sqlite | 2026-04-14 | N/A | 9.8 CRITICAL |
| There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | |||||
| CVE-2026-32240 | 1 Capnproto | 1 Capnproto | 2026-03-18 | N/A | 6.5 MEDIUM |
| Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0. | |||||
| CVE-2025-10543 | 1 Eclipse | 1 Paho Mqtt | 2026-01-16 | N/A | 5.3 MEDIUM |
| In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet). The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body). | |||||
| CVE-2025-53723 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-15 | N/A | 7.8 HIGH |
| Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49679 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2023-32143 | 1 Dlink | 4 Dap-1360, Dap-1360 Firmware, Dap-2020 and 1 more | 2025-05-16 | N/A | 8.8 HIGH |
| D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. | |||||
| CVE-2024-30009 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-29050 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-16 | N/A | 8.4 HIGH |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2024-28944 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-15 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-30029 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-30024 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-30023 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-30022 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-30015 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-30014 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.5 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-21440 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-05 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
