Export limit exceeded: 14583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0234 2026-04-15 5.3 Medium
Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.
CVE-2025-9340 1 Bouncycastle 1 Legion-of-the-bouncy-castle-fips-java-api 2026-04-15 5.9 Medium
Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.
CVE-2023-5405 1 Honeywell 1 Experion Server 2026-04-15 5.9 Medium
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2025-3017 2026-04-15 5.3 Medium
A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue.
CVE-2020-36964 1 Ik80 1 Yatinywinftp 2026-04-15 9.8 Critical
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVE-2025-11266 2 Grassroots Dicom Project, Malaterre 2 Grassroots Dicom, Grassroots Dicom 2026-04-15 6.6 Medium
An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing. It is exploitable via file input, simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.
CVE-2025-59728 1 Ffmpeg 1 Ffmpeg 2026-04-15 6.5 Medium
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
CVE-2024-47897 2026-04-15 8.8 High
Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.
CVE-2024-32672 1 Samsung Open Source 1 Escargot 2026-04-15 5.3 Medium
A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0.
CVE-2024-38665 2026-04-15 8.4 High
Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-34105 1 Flexense 1 Diskboss 2026-04-15 N/A
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
CVE-2025-9178 1 Rockwellautomation 1 1715-aentr Eternet/ip Adapter 2026-04-15 N/A
A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover.
CVE-2023-20513 2026-04-15 3.3 Low
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2025-41238 1 Vmware 3 Esxi, Fusion, Workstation 2026-04-15 9.3 Critical
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CVE-2024-32639 1 Siemens 1 Tecnomatix Plant Simulation 2026-04-15 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)
CVE-2025-41236 1 Vmware 3 Esxi, Fusion, Workstation 2026-04-15 9.3 Critical
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
CVE-2024-34776 2026-04-15 4.5 Medium
Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-7137 2026-04-15 6.5 Medium
The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device.
CVE-2025-35975 1 Microdicom 1 Dicom Viewer 2026-04-15 8.8 High
MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation.
CVE-2025-32022 2026-04-15 4.6 Medium
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.