Total
14082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24829 | 1 Is-daouda | 1 Is-engine | 2026-04-18 | 6.5 Medium |
| Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4. | ||||
| CVE-2026-1489 | 1 Redhat | 1 Enterprise Linux | 2026-04-18 | 5.4 Medium |
| A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable. | ||||
| CVE-2026-0648 | 1 Eclipse | 1 Threadx | 2026-04-18 | 7.8 High |
| The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to determine failure, but @osek_get_counter() actually returns E_OS_SYS_STACK (defined as 12U) when it fails. This mismatch causes the error branch to never execute even when the counter pool is exhausted. As a result, when the counter pool is depleted, the code proceeds to cast the error code (12U) to a pointer (OSEK_COUNTER *), creating a wild pointer. Subsequent writes to members of this pointer lead to writes to illegal memory addresses (e.g., 0x0000000C), which can trigger immediate HardFaults or silent memory corruption. This vulnerability poses significant risks, including potential denial-of-service attacks (via repeated calls to exhaust the counter pool) and unauthorized memory access. | ||||
| CVE-2026-22260 | 1 Oisf | 1 Suricata | 2026-04-18 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`. | ||||
| CVE-2026-25502 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 7.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-0659 | 1 Autodesk | 3 3ds Max, Arnold, Usd For Arnold | 2026-04-18 | 7.8 High |
| A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0536 | 1 Autodesk | 1 3ds Max | 2026-04-18 | 7.8 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-25582 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 7.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3. | ||||
| CVE-2026-25583 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 7.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3. | ||||
| CVE-2026-1301 | 1 Open62541 | 1 Open62541 | 2026-04-18 | N/A |
| In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory. | ||||
| CVE-2026-1998 | 1 Micropython | 1 Micropython | 2026-04-18 | 3.3 Low |
| A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue. | ||||
| CVE-2026-24928 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-18 | 5.8 Medium |
| Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-2016 | 1 Happyfish100 | 1 Libfastcommon | 2026-04-18 | 5.3 Medium |
| A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2026-2258 | 2 Aardappel, Strlen | 2 Lobster, Lobster | 2026-04-18 | 3.3 Low |
| A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2026-2259 | 2 Aardappel, Strlen | 2 Lobster, Lobster | 2026-04-18 | 3.3 Low |
| A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2026-23715 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-04-18 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-21312 | 1 Adobe | 1 Audition | 2026-04-18 | 7.8 High |
| Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21318 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-04-18 | 7.8 High |
| After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21357 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-04-18 | 7.8 High |
| InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21349 | 1 Adobe | 2 Lightroom, Lightroom Desktop | 2026-04-18 | 7.8 High |
| Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||