Export limit exceeded: 362671 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 15950 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (15950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3145 1 Mindspore 1 Mindspore 2026-04-15 3.3 Low
A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-22885 1 Intel 1 Tdx Module 2026-04-15 4.7 Medium
Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2024-21859 1 Intel 1 Processors 2026-04-15 5.3 Medium
Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2025-9338 1 Asus 1 Armoury Crate 2026-04-15 N/A
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.
CVE-2025-12755 1 Ibm 2 Mq Advanced, Mq Operator 2026-04-15 4 Medium
IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues.
CVE-2025-26503 1 Windriver 1 Vxworks 2026-04-15 6.7 Medium
A crafted system call argument can cause memory corruption.
CVE-2025-10385 1 Mercury 1 Km08-708h Giga Wifi Wave2 2026-04-15 8.8 High
A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-48267 2026-04-15 7.9 High
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-9157 1 Appneta 1 Tcpreplay 2026-04-15 5.3 Medium
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
CVE-2023-6361 1 Winhex 1 Winhex 2026-04-15 7.3 High
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.
CVE-2025-24338 2026-04-15 7.1 High
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.
CVE-2024-13941 2026-04-15 5.3 Medium
A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-48490 2026-04-15 N/A
Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0.
CVE-2024-5801 2026-04-15 N/A
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering.
CVE-2024-9348 1 Docker 1 Desktop 2026-04-15 N/A
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
CVE-2025-6490 2026-04-15 3.3 Low
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
CVE-2023-47310 1 Mikrotik 1 Routeros 2026-04-15 6.5 Medium
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.
CVE-2025-14569 1 Ggml 1 Whisper.cpp 2026-04-15 5.3 Medium
A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2025-8760 2026-04-15 9.8 Critical
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
CVE-2025-1308 2026-04-15 N/A
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.