Total
14398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25601 | 1 Uvnc | 1 Ultravnc Launcher | 2026-04-16 | 6.2 Medium |
| UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition. | ||||
| CVE-2019-25603 | 1 Tuneclone | 1 Tuneclone | 2026-04-16 | 8.4 High |
| TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell. | ||||
| CVE-2019-25604 | 1 Dvd-x-player | 1 Dvd X Player | 2026-04-16 | 8.4 High |
| DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges. | ||||
| CVE-2019-25606 | 1 Alloksoft | 1 Fast Avi Mpeg Joiner | 2026-04-16 | 5.5 Medium |
| Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked. | ||||
| CVE-2019-25609 | 1 Jetaudio | 1 Jetaudio | 2026-04-16 | 8.4 High |
| JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges. | ||||
| CVE-2019-25612 | 1 Admin-express | 1 Admin-express | 2026-04-16 | 7.8 High |
| Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges. | ||||
| CVE-2026-40393 | 1 Mesa3d | 1 Mesa | 2026-04-16 | 8.1 High |
| In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. | ||||
| CVE-2019-25659 | 1 Xlinesoft | 1 Asprunner Professional | 2026-04-16 | 6.2 Medium |
| ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash. | ||||
| CVE-2019-25658 | 1 Amac | 1 Mac Address Change | 2026-04-16 | 5.5 Medium |
| a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash. | ||||
| CVE-2019-25656 | 1 R-project | 1 R | 2026-04-16 | 8.4 High |
| R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode. | ||||
| CVE-2018-25251 | 1 Sourceforge | 1 Snes9k 0.0.9z | 2026-04-16 | 8.4 High |
| Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation. | ||||
| CVE-2019-25661 | 1 Lizardsystems | 1 Remote Process Explorer | 2026-04-16 | 6.2 Medium |
| Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers. | ||||
| CVE-2018-25255 | 1 10-strike | 1 Strike Lanstate | 2026-04-16 | 8.4 High |
| 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application. | ||||
| CVE-2026-22716 | 1 Vmware | 1 Workstation | 2026-04-16 | 5 Medium |
| Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes. | ||||
| CVE-2020-8285 | 10 Apple, Debian, Fedoraproject and 7 more | 32 Mac Os X, Macos, Debian Linux and 29 more | 2026-04-16 | 7.5 High |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | ||||
| CVE-2026-3382 | 1 Chaiscript | 1 Chaiscript | 2026-04-16 | 3.3 Low |
| A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-20423 | 1 Mediatek | 7 Mt7902, Mt7920, Mt7921 and 4 more | 2026-04-16 | 7.8 High |
| In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956. | ||||
| CVE-2026-20425 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-04-16 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539. | ||||
| CVE-2026-20426 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-04-16 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538. | ||||
| CVE-2026-20427 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-04-16 | 6.7 Medium |
| In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537. | ||||