Total
13651 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5187 | 1 Wolfssl | 1 Wolfssl | 2026-04-16 | N/A | 9.8 CRITICAL |
| Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32), causing the function to accept crafted OIDs with 33 or more arcs that write past the end of the allocated buffer. | |||||
| CVE-2026-6069 | 1 Nasm | 1 Netwide Assembler | 2026-04-16 | N/A | 7.5 HIGH |
| NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | |||||
| CVE-2019-25567 | 2 Linux, Valentina-db | 2 Linux Kernel, Studio | 2026-04-16 | N/A | 6.2 MEDIUM |
| Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceeding 264 bytes into the Host field during server connection attempts, causing a denial of service. | |||||
| CVE-2019-25566 | 1 Acutesystems | 1 Transmac | 2026-04-16 | N/A | 6.2 MEDIUM |
| TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash. | |||||
| CVE-2019-25565 | 1 Magiciso | 1 Magic Iso Maker | 2026-04-16 | N/A | 6.2 MEDIUM |
| Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application. | |||||
| CVE-2019-25561 | 1 Jetaudio | 1 Lyric Maker | 2026-04-16 | N/A | 6.2 MEDIUM |
| Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition. | |||||
| CVE-2019-25558 | 1 Pixarra | 1 Selfie Studio | 2026-04-16 | N/A | 6.2 MEDIUM |
| Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application. | |||||
| CVE-2019-25554 | 1 Tomabo | 1 Mp4 Converter | 2026-04-16 | N/A | 5.5 MEDIUM |
| Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked. | |||||
| CVE-2019-25550 | 1 Verypdf | 1 Encrypt Pdf | 2026-04-16 | N/A | 6.2 MEDIUM |
| Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files. | |||||
| CVE-2019-25549 | 1 Verypdf | 1 Verypdf | 2026-04-16 | N/A | 6.2 MEDIUM |
| VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files. | |||||
| CVE-2019-25545 | 1 Lizardsystems | 1 Terminal Services Manager | 2026-04-16 | N/A | 6.2 MEDIUM |
| Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed. | |||||
| CVE-2019-25598 | 2026-04-16 | N/A | 6.2 MEDIUM | ||
| HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash. | |||||
| CVE-2019-25603 | 2026-04-16 | N/A | 8.4 HIGH | ||
| TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell. | |||||
| CVE-2019-25606 | 2026-04-16 | N/A | 5.5 MEDIUM | ||
| Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked. | |||||
| CVE-2019-25600 | 2026-04-16 | N/A | 6.5 MEDIUM | ||
| UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer. | |||||
| CVE-2019-25615 | 2026-04-16 | N/A | 8.4 HIGH | ||
| Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110. | |||||
| CVE-2019-25607 | 2026-04-16 | N/A | 8.4 HIGH | ||
| Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges. | |||||
| CVE-2019-25609 | 2026-04-16 | N/A | 8.4 HIGH | ||
| JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges. | |||||
| CVE-2019-25601 | 2026-04-16 | N/A | 6.2 MEDIUM | ||
| UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition. | |||||
| CVE-2019-25611 | 2026-04-16 | N/A | 8.4 HIGH | ||
| MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges. | |||||