Export limit exceeded: 23536 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23536 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50734 2026-04-15 9 Critical
A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
CVE-2024-52799 1 Argoproj 1 Argo-helm 2026-04-15 8.3 High
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. This only affects the Helm Chart and not the upstream manifests. This vulnerability is fixed in 0.44.0.
CVE-2020-36961 1 10-strike 1 Network Inventory Explorer 2026-04-15 9.8 Critical
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
CVE-2024-45162 1 Blu-castle 1 Bcum221e 2026-04-15 9.8 Critical
A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
CVE-2025-9557 1 Zephyrproject-rtos 1 Zephyr 2026-04-15 7.6 High
‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a crash and a resultant denial of service.‬
CVE-2025-64693 2 Intercom, Microsoft 2 Malion, Windows 2026-04-15 N/A
Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.
CVE-2025-23050 1 Qt 1 Qt 2026-04-15 3.1 Low
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.
CVE-2024-39279 1 Redhat 1 Enterprise Linux 2026-04-15 6.5 Medium
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.
CVE-2025-5555 1 Dieboldnixdorf 1 Wincor 2026-04-15 7.8 High
A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early.
CVE-2024-43661 2026-04-15 9.8 Critical
The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI script. This binary or script will write this file path to <redacted>, which is then read by <redacted>.so This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – An attacker will have to find this exploit by either obtaining the binaries involved in this vulnerability, or by trial and error. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe CGI binary or <redacted>.sh script to trigger the vulnerability, or convince a user with such access send an HTTP request that triggers it. Impact: High – The <redacted> process, which we assume is responsible for OCPP communication, will keep crashing after performing the exploit. This happens because the buffer overflow causes the process to segfault before <redacted> is removed. This means that, even though <redacted> is automatically restarted, it will crash again as soon as it tries to parse the text file. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).
CVE-2024-21853 2026-04-15 4.7 Medium
Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.
CVE-2024-31714 1 Waxlab 1 Wax 2026-04-15 7.5 High
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.
CVE-2024-21947 1 Amd 8 Athlon, Athlon 3000, Ryzen and 5 more 2026-04-15 7.5 High
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
CVE-2025-1836 2026-04-15 4.3 Medium
A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-21953 1 Amd 3 Epyc 8004 Series Processors, Epyc 9004 Series Processors, Epyc Embedded 9004 Series Processors 2026-04-15 N/A
Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.
CVE-2024-21970 1 Amd 9 Athlon, Athlon 3000, Ryzen and 6 more 2026-04-15 4.4 Medium
Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
CVE-2024-21971 2026-04-15 5.5 Medium
Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.
CVE-2022-20766 1 Cisco 1 Ata 190 Firmware 2026-04-15 5.3 Medium
A vulnerability in the Cisco&nbsp;Discovery Protocol functionality of Cisco&nbsp;ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco&nbsp;Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco&nbsp;Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco&nbsp;has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-37863 1 Open Robotics 2 Nav2 Humble, Robotics Operating System 2026-04-15 9.8 Critical
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.
CVE-2024-7954 1 Spip 1 Spip 2026-04-15 9.8 Critical
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.