Total
2516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26200 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-26179 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-26256 | 3 Fedoraproject, Libarchive, Microsoft | 5 Fedora, Libarchive, Windows 11 22h2 and 2 more | 2025-05-03 | 7.8 High |
| Libarchive Remote Code Execution Vulnerability | ||||
| CVE-2024-30045 | 2 Microsoft, Redhat | 4 .net, Powershell, Visual Studio 2022 and 1 more | 2025-05-03 | 6.3 Medium |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-30038 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.1 High |
| Windows Cryptographic Services Remote Code Execution Vulnerability | ||||
| CVE-2024-30017 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-03 | 8.8 High |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2024-36843 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | 7.5 High |
| libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. | ||||
| CVE-2024-39883 | 2 Delta Electronics, Deltaww | 2 Cncsoft-g2, Cncsoft-g2 | 2025-05-01 | 8.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2023-49123 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49122 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49121 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2020-8252 | 4 Fedoraproject, Nodejs, Opensuse and 1 more | 6 Fedora, Node.js, Leap and 3 more | 2025-04-30 | 7.8 High |
| The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | ||||
| CVE-2024-24335 | 1 Rt-thread | 1 Rt-thread | 2025-04-30 | 8.4 High |
| A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. | ||||
| CVE-2024-24334 | 1 Rt-thread | 1 Rt-thread | 2025-04-30 | 8.4 High |
| A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | ||||
| CVE-2025-29911 | 1 Nasa | 1 Cryptolib | 2025-04-30 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function `Crypto_AOS_ProcessSecurity`, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the `p_ingest` buffer at indices `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without verifying if `len_ingest` is sufficiently large. This leads to a heap buffer overflow when `len_ingest` is smaller than `max_frame_size`. As of time of publication, no known patched versions exist. | ||||
| CVE-2024-56406 | 2 Perl, Redhat | 2 Perl, Enterprise Linux | 2025-04-30 | 8.6 High |
| A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. | ||||
| CVE-2024-20259 | 1 Cisco | 98 Catalyst 9100, Catalyst 9105, Catalyst 9105ax and 95 more | 2025-04-30 | 8.6 High |
| A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. | ||||
| CVE-2023-36028 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-29 | 9.8 Critical |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | ||||
| CVE-2023-36042 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-04-29 | 6.2 Medium |
| Visual Studio Denial of Service Vulnerability | ||||