Export limit exceeded: 42830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42830 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21373 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21374 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21375 | 1 Qualcomm | 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21376 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21378 | 1 Qualcomm | 103 Aqt1000, Aqt1000 Firmware, Cologne and 100 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-09 | 7.6 High |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||||
| CVE-2026-21382 | 1 Qualcomm | 39 Cologne, Cologne Firmware, Fastconnect 6900 and 36 more | 2026-04-09 | 7.8 High |
| Memory Corruption when handling power management requests with improperly sized input/output buffers. | ||||
| CVE-2025-50667 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint. | ||||
| CVE-2025-50670 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters. | ||||
| CVE-2025-50645 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition. | ||||
| CVE-2025-50653 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | ||||
| CVE-2025-50655 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||||
| CVE-2025-50660 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||||
| CVE-2025-50661 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log. | ||||
| CVE-2025-50663 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | ||||
| CVE-2026-30817 | 1 Tp-link | 1 Ax53 V1 | 2026-04-09 | N/A |
| An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | ||||
| CVE-2026-35477 | 1 Inventree | 1 Inventree | 2026-04-09 | 5.5 Medium |
| InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0. | ||||
| CVE-2026-39864 | 1 Kamailio | 1 Kamailio | 2026-04-09 | 4.4 Medium |
| Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user authentication without a database backend is followed by additional user identity checks. This vulnerability is fixed in 6.0.5 and 5.8.7. | ||||
| CVE-2026-5864 | 1 Google | 1 Chrome | 2026-04-09 | 6.5 Medium |
| Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-5867 | 1 Google | 1 Chrome | 2026-04-09 | 6.5 Medium |
| Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||