Search Results (345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48290 1 Realtek 1 Rtl8762ekf-evb Firmware 2026-04-15 4.3 Medium
An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.
CVE-2021-47818 1 Dupterminator 1 Dupterminator 2026-04-15 7.5 High
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
CVE-2025-5808 1 Opentext 1 Self Service Password Reset 2026-04-15 N/A
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3.
CVE-2024-36346 1 Amd 2 Instinct Mi300a, Instinct Mi300x 2026-04-15 6 Medium
Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition.
CVE-2023-31304 2026-04-15 2.3 Low
Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availability.
CVE-2021-47821 1 Raimersoft 1 Rarmaradio 2026-04-15 7.5 High
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger application instability and potential crash.
CVE-2023-20581 2026-04-15 2.5 Low
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
CVE-2023-20515 2026-04-15 5.7 Medium
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
CVE-2024-9448 1 Arista 1 Eos 2026-04-15 7.5 High
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
CVE-2025-67901 1 Openbsd 1 Openbsd 2026-04-15 5.3 Medium
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.
CVE-2025-15080 2 Mitsubishi, Mitsubishi Electric 2 Melsec Iq-r Series, Melsec Iq-r Series 2026-04-15 N/A
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.
CVE-2026-32877 2 Botan Project, Randombit 2 Botan, Botan 2026-04-14 8.2 High
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
CVE-2026-1101 1 Gitlab 1 Gitlab 2026-04-14 6.5 Medium
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.
CVE-2026-30573 2 Senior-walter, Sourcecodester 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System 2026-04-08 7.5 High
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.
CVE-2026-34545 2 Academysoftwarefoundation, Openexr 2 Openexr, Openexr 2026-04-08 7.3 High
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decodes EXR images. The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), repeating for each additional pixel past the overflow point. In this context, a heap write overflow can lead to remote code execution on systems. This issue has been patched in version 3.4.7.
CVE-2022-4171 1 Superwhite 1 Demon Image Annotation 2026-04-08 6.5 Medium
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
CVE-2013-0270 2 Openstack, Redhat 2 Keystone, Openstack 2026-04-07 6.5 Medium
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CVE-2026-33762 2 Go-git, Go-git Project 2 Go-git, Go-git 2026-04-03 2.8 Low
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue. This issue has been patched in version 5.17.1.
CVE-2026-30575 2 Senior-walter, Sourcecodester 2 Web-based Pharmacy Product Management System, Pharmacy Product Management System 2026-03-31 7.5 High
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.
CVE-2025-13078 1 Gitlab 1 Gitlab 2026-03-27 6.5 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.