Total
2685 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28909 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-05-03 | 8.8 High |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28908 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-05-03 | 8.8 High |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28906 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-05-03 | 8.8 High |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28896 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 7.5 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-26205 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-26200 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-26179 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-26256 | 3 Fedoraproject, Libarchive, Microsoft | 5 Fedora, Libarchive, Windows 11 22h2 and 2 more | 2025-05-03 | 7.8 High |
| Libarchive Remote Code Execution Vulnerability | ||||
| CVE-2024-30045 | 2 Microsoft, Redhat | 4 .net, Powershell, Visual Studio 2022 and 1 more | 2025-05-03 | 6.3 Medium |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-30038 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-30017 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-03 | 8.8 High |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2020-8252 | 4 Fedoraproject, Nodejs, Opensuse and 1 more | 6 Fedora, Node.js, Leap and 3 more | 2025-04-30 | 7.8 High |
| The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | ||||
| CVE-2024-24334 | 1 Rt-thread | 1 Rt-thread | 2025-04-30 | 8.4 High |
| A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | ||||
| CVE-2025-29911 | 1 Nasa | 1 Cryptolib | 2025-04-30 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function `Crypto_AOS_ProcessSecurity`, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the `p_ingest` buffer at indices `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without verifying if `len_ingest` is sufficiently large. This leads to a heap buffer overflow when `len_ingest` is smaller than `max_frame_size`. As of time of publication, no known patched versions exist. | ||||
| CVE-2024-20259 | 1 Cisco | 98 Catalyst 9100, Catalyst 9105, Catalyst 9105ax and 95 more | 2025-04-30 | 8.6 High |
| A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. | ||||
| CVE-2022-43171 | 1 Lief-project | 1 Lief | 2025-04-29 | 6.5 Medium |
| A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | ||||
| CVE-2025-46333 | 2025-04-29 | N/A | ||
| z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`. | ||||
| CVE-2022-44654 | 1 Trendmicro | 1 Apex One | 2025-04-29 | 7.5 High |
| Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security. | ||||
| CVE-2024-45872 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.3 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | ||||
| CVE-2025-21169 | 1 Adobe | 1 Substance 3d Designer | 2025-04-28 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||