Total
4488 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24972 | 1 Gallagher | 2 Controller 6000, Controller 7000 | 2026-04-15 | 6.5 Medium |
| Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | ||||
| CVE-2020-37107 | 1 Coreftp | 1 Core Ftp Le | 2026-04-15 | 7.5 High |
| Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation. | ||||
| CVE-2025-25525 | 2026-04-15 | 5.1 Medium | ||
| Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2025-31701 | 1 Dahua | 2 Ipc, Sd | 2026-04-15 | 8.1 High |
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | ||||
| CVE-2020-37042 | 3 Frigate, Frigate3, Winfrigate | 3 Frigate, Frigate Professional, Frigate 3 | 2026-04-15 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept. | ||||
| CVE-2024-41631 | 1 Host-host Neuq Board | 1 Host-host Neuq Board | 2026-04-15 | 7.5 High |
| Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. | ||||
| CVE-2024-1969 | 2026-04-15 | 8.2 High | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033. | ||||
| CVE-2024-57510 | 2026-04-15 | 7.8 High | ||
| Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. | ||||
| CVE-2023-28904 | 2026-04-15 | 5.2 Medium | ||
| A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process. | ||||
| CVE-2020-37127 | 1 Dnsmasq | 1 Dnsmasq | 2026-04-15 | 5.5 Medium |
| Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters. | ||||
| CVE-2020-37049 | 3 Frigate, Frigate3, Winfrigate | 3 Frigate, Frigate Professional, Frigate 3 | 2026-04-15 | 8.4 High |
| Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence. | ||||
| CVE-2024-37861 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2026-04-15 | 9.8 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | ||||
| CVE-2015-20111 | 1 Bitcoin | 1 Bitcoin Core | 2026-04-15 | 9.8 Critical |
| miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. | ||||
| CVE-2020-37191 | 1 Top Password Software | 1 Top Password Software Dialup Password Recovery | 2026-04-15 | 7.5 High |
| Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields. | ||||
| CVE-2020-6923 | 2026-04-15 | 5.7 Medium | ||
| The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | ||||
| CVE-2019-25349 | 1 Scadaapp | 1 Scadaapp For Ios | 2026-04-15 | 7.5 High |
| ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. | ||||
| CVE-2021-47854 | 1 Dd-wrt | 1 Dd-wrt | 2026-04-15 | 9.8 Critical |
| DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device. | ||||
| CVE-2021-47798 | 1 Noteburner | 1 Noteburner | 2026-04-15 | 9.8 Critical |
| NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash. | ||||
| CVE-2025-14310 | 1 Rethinkdb | 1 Rethinkdb | 2026-04-15 | N/A |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4. | ||||
| CVE-2024-30164 | 3 Apple, Codesys, Microsoft | 3 Macos, Linux, Windows | 2026-04-15 | 6.7 Medium |
| Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165. | ||||