Export limit exceeded: 341624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4416 | 1 Gigabyte | 1 Performance Library | 2026-03-31 | 7.8 High |
| The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation. | ||||
| CVE-2026-5128 | 1 Arthurfiorette | 1 Steam-trader | 2026-03-31 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-1612 | 1 Al-ko | 1 Robolinho Update Software | 2026-03-31 | N/A |
| AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2018-25226 | 1 Ftpshell | 1 Ftpshell Server | 2026-03-31 | 6.2 Medium |
| FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface. | ||||
| CVE-2018-25227 | 1 Valentina-db | 1 Valentina Studio | 2026-03-31 | 6.2 Medium |
| Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts. | ||||
| CVE-2018-25228 | 1 Netsetman | 1 Netsetman | 2026-03-31 | 6.2 Medium |
| NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition. | ||||
| CVE-2018-25229 | 1 Bpftpserver | 1 Bulletproof Ftp Server | 2026-03-31 | 5.5 Medium |
| BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button. | ||||
| CVE-2018-25230 | 1 Eusing | 1 Free Ip Switcher | 2026-03-31 | 5.5 Medium |
| Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application. | ||||
| CVE-2018-25231 | 1 Heidisql | 1 Heidisql | 2026-03-31 | 6.2 Medium |
| HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to trigger an application crash. | ||||
| CVE-2018-25232 | 1 Messenger | 1 Softros Lan Messenger | 2026-03-31 | 5.5 Medium |
| Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked. | ||||
| CVE-2018-25235 | 1 Networkactiv | 1 Networkactiv Web Server | 2026-03-31 | 6.2 Medium |
| NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface. | ||||
| CVE-2019-25653 | 1 Navicat | 1 Navicat | 2026-03-31 | 6.2 Medium |
| Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash. | ||||
| CVE-2019-25654 | 1 Coreftp | 1 Core Ftp/sftp Server | 2026-03-31 | 7.5 High |
| Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service. | ||||
| CVE-2019-25655 | 1 Hdd | 1 Device Monitoring Studio | 2026-03-31 | 6.2 Medium |
| Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface. | ||||
| CVE-2026-4266 | 1 Watchguard | 1 Fireware Os | 2026-03-31 | N/A |
| An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35. | ||||
| CVE-2026-4315 | 1 Watchguard | 1 Fireware Os | 2026-03-31 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2. | ||||
| CVE-2026-3321 | 1 On24 | 2 On24 Q&a Chat, On24 Q A Chat | 2026-03-31 | N/A |
| A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages. | ||||
| CVE-2026-5122 | 1 Osrg | 1 Gobgp | 2026-03-31 | 3.7 Low |
| A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The patch is named 2b09db390a3d455808363c53e409afe6b1b86d2d. It is suggested to install a patch to address this issue. | ||||
| CVE-2026-5123 | 1 Osrg | 1 Gobgp | 2026-03-31 | 3.7 Low |
| A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. This patch is called 67c059413470df64bc20801c46f64058e88f800f. A patch should be applied to remediate this issue. | ||||
| CVE-2026-5170 | 1 Mongodb | 1 Mongodb Server | 2026-03-31 | 5.3 Medium |
| A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set. This issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31. | ||||