Total
3942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5164 | | | 2026-03-30 | N/A | 6.7 MEDIUM |
| A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS). | |||||
| CVE-2025-48611 | 1 Google | 1 Android | 2026-03-30 | N/A | 10.0 CRITICAL |
| In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-4862 | | | 2026-03-30 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-29976 | | | 2026-03-30 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function | |||||
| CVE-2026-4976 | | | 2026-03-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-1679 | | | 2026-03-30 | N/A | 7.3 HIGH |
| The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly. | |||||
| CVE-2025-69720 | 1 Invisible-island | 1 Ncurses | 2026-03-26 | N/A | 7.3 HIGH |
| The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | |||||
| CVE-2026-28858 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-26 | N/A | 9.8 CRITICAL |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2020-37131 | 1 Nsasoft | 1 Product Key Explorer | 2026-03-26 | N/A | 6.2 MEDIUM |
| Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash. | |||||
| CVE-2026-30006 | 1 Xnview | 1 Nconvert | 2026-03-26 | N/A | 6.2 MEDIUM |
| XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | |||||
| CVE-2026-4720 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-25 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4729 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-25 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149. | |||||
| CVE-2026-28841 | 1 Apple | 1 Macos | 2026-03-25 | N/A | 6.2 MEDIUM |
| A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. | |||||
| CVE-2026-4721 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-25 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-28875 | 1 Apple | 2 Ipados, Iphone Os | 2026-03-25 | N/A | 7.5 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service. | |||||
| CVE-2024-51347 | | | 2026-03-25 | N/A | 7.2 HIGH |
| A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function. | |||||
| CVE-2026-27459 | 1 Pyopenssl | 1 Pyopenssl | 2026-03-25 | N/A | 9.8 CRITICAL |
| pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected. | |||||
| CVE-2026-4689 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-25 | N/A | 10.0 CRITICAL |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4690 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 8.6 HIGH |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4687 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 8.6 HIGH |
| Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
