Export limit exceeded: 23585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23585 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-10014 2026-04-15 N/A
GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable.
CVE-2024-40086 1 Viloliving 1 Vilo 5 Mesh Wifi System Firmware 2026-04-15 9.6 Critical
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.
CVE-2024-24451 2026-04-15 7.5 High
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
CVE-2025-10933 1 Silabs 1 Z-wave Protocol Controller 2026-04-15 N/A
An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.
CVE-2024-12803 2026-04-15 7.2 High
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
CVE-2024-56732 2026-04-15 8.8 High
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
CVE-2025-13084 1 Opto 22 3 Groov View Server, Grv-epic-pr1 Firmware, Grv-epic-pr2 Firmware 2026-04-15 7.6 High
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.
CVE-2025-42929 1 Sap 1 Landscape Transformation Replication Server 2026-04-15 8.1 High
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.
CVE-2023-48906 2026-04-15 4.3 Medium
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.
CVE-2024-57970 1 Redhat 1 Enterprise Linux 2026-04-15 4 Medium
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
CVE-2023-49100 2026-04-15 4.4 Medium
Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.
CVE-2021-47798 1 Noteburner 1 Noteburner 2026-04-15 9.8 Critical
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
CVE-2021-47797 1 Leawo 1 Prof Media 2026-04-15 7.5 High
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into the registration interface.
CVE-2025-25280 2026-04-15 5.3 Medium
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
CVE-2025-23345 3 Linux, Microsoft, Nvidia 3 Linux, Windows, Display Driver 2026-04-15 4.4 Medium
NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
CVE-2025-0325 2026-04-15 4.3 Medium
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
CVE-2024-4550 1 Lenovo 5 Thinkstation P360 Workstation Firmware, Thinksystem St50 Firmware, Thinksystem St50 V2 Firmware and 2 more 2026-04-15 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2024-45415 1 Zte 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more 2026-04-15 9.8 Critical
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
CVE-2023-7332 2026-04-15 N/A
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
CVE-2024-41166 2026-04-15 6.1 Medium
Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.