Export limit exceeded: 23135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 41681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24447 | 2 Six Apart, Six Apart Ltd | 2 Movable Type, Movable Type | 2026-02-04 | N/A |
| If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well. | ||||
| CVE-2026-0873 | 1 Ercom | 1 Cryptobox | 2026-02-04 | N/A |
| On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator. | ||||
| CVE-2025-0395 | 1 Redhat | 3 Enterprise Linux, Rhel E4s, Rhel Eus | 2026-02-04 | 6.2 Medium |
| When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. | ||||
| CVE-2020-37066 | 1 Goldwave | 1 Goldwave | 2026-02-04 | 9.8 Critical |
| GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened. | ||||
| CVE-2020-37065 | 1 Streamripper | 1 Streamripper | 2026-02-04 | 9.8 Critical |
| StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the application. | ||||
| CVE-2025-23236 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | N/A |
| Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | ||||
| CVE-2024-37301 | 1 Adfinis | 1 Document Merge Service | 2026-02-04 | 7.2 High |
| Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed. | ||||
| CVE-2025-10875 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | ||||
| CVE-2026-24766 | 1 Nocodb | 1 Nocodb | 2026-02-04 | 4.9 Medium |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPER_ADMIN authorization checks, no practical privileged actions can be performed because database operations fail immediately after pollution. Version 0.301.0 patches the issue. | ||||
| CVE-2025-64318 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1. | ||||
| CVE-2025-64320 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0. | ||||
| CVE-2025-64321 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 5.3 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0. | ||||
| CVE-2020-37070 | 1 Cloudme | 1 Cloudme | 2026-02-04 | 9.8 Critical |
| CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution. | ||||
| CVE-2026-24839 | 1 Dokploy | 1 Dokploy | 2026-02-04 | 4.7 Medium |
| Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue. | ||||
| CVE-2024-32761 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-04 | 6.5 Medium |
| Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2025-14550 | 1 Djangoproject | 1 Django | 2026-02-04 | 7.5 High |
| An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Jiyong Yang for reporting this issue. | ||||
| CVE-2020-37074 | 1 Lizardsystems | 1 Remote Desktop Audit | 2026-02-04 | 9.8 Critical |
| Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists. | ||||
| CVE-2019-25232 | 1 Netpclinker | 1 Netpclinker | 2026-02-04 | 9.8 Critical |
| NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client. | ||||
| CVE-2020-37029 | 1 K.soft | 1 Ftpdummy | 2026-02-04 | 8.4 High |
| FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands. | ||||
| CVE-2020-37024 | 1 Nidesoft | 1 Dvd Ripper | 2026-02-04 | 8.4 High |
| Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute shellcode. | ||||