Total
2332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36843 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | 7.5 High |
| libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. | ||||
| CVE-2024-39883 | 2 Delta Electronics, Deltaww | 2 Cncsoft-g2, Cncsoft-g2 | 2025-05-01 | 8.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2023-49123 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49122 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49121 | 1 Siemens | 1 Solid Edge Se2023 | 2025-05-01 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2020-8252 | 4 Fedoraproject, Nodejs, Opensuse and 1 more | 6 Fedora, Node.js, Leap and 3 more | 2025-04-30 | 7.8 High |
| The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | ||||
| CVE-2025-29769 | 2025-04-30 | N/A | ||
| libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1. | ||||
| CVE-2024-6031 | 2025-04-30 | N/A | ||
| Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23198. | ||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 40 Ubuntu Linux, Debian Linux, Fedora and 37 more | 2025-04-30 | 7.8 High |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | ||||
| CVE-2025-29811 | 2025-04-30 | 7.8 High | ||
| Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27490 | 2025-04-30 | 7.8 High | ||
| Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27487 | 2025-04-30 | 8 High | ||
| Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-26674 | 2025-04-30 | 7.8 High | ||
| Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | ||||
| CVE-2025-26639 | 2025-04-30 | 7.8 High | ||
| Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21222 | 2025-04-30 | 8.8 High | ||
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-21221 | 2025-04-30 | 8.8 High | ||
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-21205 | 2025-04-30 | 8.8 High | ||
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-27752 | 2025-04-30 | 7.8 High | ||
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27478 | 2025-04-30 | 7 High | ||
| Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27477 | 2025-04-30 | 8.8 High | ||
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||