Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39013 1 2o3t 1 2o3t-utility 2026-04-15 9.8 Critical
2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
CVE-2009-20007 1 Talkative 1 Irc 2026-04-15 N/A
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
CVE-2025-27611 1 Redhat 1 Jboss Enterprise Application Platform 2026-04-15 7.5 High
base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.
CVE-2025-0546 2026-04-15 4.7 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.
CVE-2024-47262 2026-04-15 5.3 Medium
Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2020-36971 1 Nidesoft 1 3gp Video Converter 2026-04-15 8.4 High
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.
CVE-2024-47944 1 Rittal Gmbh And Co.kg 1 Iot Interface And Cmc Iii Processing Unit 2026-04-15 6.8 Medium
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.
CVE-2023-48906 2026-04-15 4.3 Medium
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.
CVE-2024-21947 1 Amd 8 Athlon, Athlon 3000, Ryzen and 5 more 2026-04-15 7.5 High
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
CVE-2024-47257 1 Axis Communications Ab 2 Axis P1428-e Network Camera, Axis Q6128-e Ptz Network Camera 2026-04-15 7.5 High
Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution.
CVE-2025-66020 1 Open-circle 1 Valibot 2026-04-15 7.5 High
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. This issue has been patched in version 1.2.0.
CVE-2025-4207 1 Postgresql 1 Postgresql 2026-04-15 5.9 Medium
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
CVE-2009-10006 1 Alienform2 Project 1 Alienform2 2026-04-15 N/A
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
CVE-2024-25115 2026-04-15 7 High
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVE-2025-23388 1 Suse 1 Rancher 2026-04-15 8.2 High
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
CVE-2023-20581 2026-04-15 2.5 Low
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
CVE-2024-0840 2026-04-15 8.8 High
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
CVE-2025-10990 1 Redhat 4 Rhel Satellite Client, Satellite, Satellite Capsule and 1 more 2026-04-15 7.5 High
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.
CVE-2024-53621 1 Tenda 1 Ac1206 2026-04-15 7.5 High
A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-21512 2026-04-15 8.2 High
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.