Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40046 1 Apache 2 Activemq, Activemq Mqtt 2026-04-13 7.5 High
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions. This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.
CVE-2026-5525 2 Notepad++, Notepad-plus-plus 2 Notepad++, Notepad++ 2026-04-13 6 Medium
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).
CVE-2026-31412 1 Linux 1 Linux Kernel 2026-04-13 N/A
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the block size (`common->curlun->blkbits`). However, it does not validate whether this shift operation will cause an integer overflow. Initially, the block size is set up in `fsg_lun_open()` , and the `common->data_size_from_cmnd` is set up in `do_scsi_command()`. During initialization, there is no integer overflow check for the interaction between two variables. So if a malicious USB host sends a SCSI READ or WRITE command requesting a large amount of data (`common->data_size_from_cmnd`), the left shift operation can wrap around. This results in a truncated data size, which can bypass boundary checks and potentially lead to memory corruption or out-of-bounds accesses. Fix this by using the check_shl_overflow() macro to safely perform the shift and catch any overflows.
CVE-2026-6157 1 Totolink 2 A800r, A800r Firmware 2026-04-13 8.8 High
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-40447 1 Samsung Open Source 1 Escargot 2026-04-13 5.1 Medium
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
CVE-2026-0232 1 Palo Alto Networks 1 Cortex Xdr Agent 2026-04-13 N/A
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
CVE-2026-35553 1 Dynabook 2 Drfec.sys, Tosrfec.sys 2026-04-13 6.7 Medium
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.
CVE-2026-34715 1 Vshakitskiy 1 Ewe 2026-04-13 5.3 Medium
ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF (\r\n) sequences. An application that passes user-controlled data into response headers (e.g., setting a Location redirect header from a request parameter) allows an attacker to inject arbitrary HTTP response content, leading to response splitting, cache poisoning, and possible cross-site scripting. Notably, ewe does validate CRLF in incoming request headers via validate_field_value() in the HTTP/1.1 parser — but provides no equivalent protection for outgoing response headers in the encoder. This issue has been patched in version 3.0.6.
CVE-2026-35536 1 Tornadoweb 1 Tornado 2026-04-13 7.2 High
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.
CVE-2026-31058 1 Utt 3 1200gw, 1200gw Firmware, Hiper 1200gw 2026-04-13 4.5 Medium
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-31060 1 Utt 3 810g, 810g Firmware, Hiper 810g 2026-04-13 4.5 Medium
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-31061 1 Utt 3 810g, 810g Firmware, Hiper 810g 2026-04-13 4.5 Medium
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-31063 1 Utt 3 1200gw, 1200gw Firmware, Hiper 1200gw 2026-04-13 4.5 Medium
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-31066 1 Utt 3 810g, 810g Firmware, Hiper 810g 2026-04-13 4.5 Medium
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-35044 1 Bentoml 1 Bentoml 2026-04-13 8.8 High
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38.
CVE-2025-52908 1 Samsung 21 Exynos, Exynos 1280, Exynos 1280 Firmware and 18 more 2026-04-13 9.8 Critical
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2.
CVE-2026-20884 1 Libraw 1 Libraw 2026-04-13 8.1 High
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24450 1 Libraw 1 Libraw 2026-04-13 8.1 High
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24660 1 Libraw 1 Libraw 2026-04-13 8.1 High
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-20889 1 Libraw 1 Libraw 2026-04-13 9.8 Critical
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.