Total
14066 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49848 | 2026-04-15 | N/A | ||
| An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | ||||
| CVE-2025-33029 | 2 Intel, Microsoft | 4 Proset, Proset/wireless, Proset/wireless Software and 1 more | 2026-04-15 | 7.4 High |
| Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. | ||||
| CVE-2025-34105 | 1 Flexense | 1 Diskboss | 2026-04-15 | N/A |
| A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts. | ||||
| CVE-2025-32008 | 1 Intel | 1 Intel Amt And Intel Standard Manageability | 2026-04-15 | 8.6 High |
| Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (low) impacts. | ||||
| CVE-2025-3154 | 1 Xpdf | 1 Xpdf | 2026-04-15 | N/A |
| Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. | ||||
| CVE-2025-4877 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 4.5 Medium |
| There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh. | ||||
| CVE-2025-12052 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 7.8 High |
| The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. | ||||
| CVE-2025-11680 | 1 Warmcat | 1 Libwebsockets | 2026-04-15 | 3.1 Low |
| Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation. | ||||
| CVE-2025-29949 | 1 Amd | 17 Ryzen 5000 Series Desktop Processors, Ryzen 5000 Series Desktop Processors With Radeon Graphics, Ryzen 5000 Series Mobile Processors With Radeon Graphics and 14 more | 2026-04-15 | N/A |
| Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service. | ||||
| CVE-2025-30015 | 2026-04-15 | 4.1 Medium | ||
| Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application. | ||||
| CVE-2025-9178 | 1 Rockwellautomation | 1 1715-aentr Eternet/ip Adapter | 2026-04-15 | N/A |
| A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover. | ||||
| CVE-2025-30255 | 2 Intel, Microsoft | 4 Proset, Proset/wireless, Proset/wireless Software and 1 more | 2026-04-15 | 8.2 High |
| Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. | ||||
| CVE-2025-53524 | 1 Fujielectric | 1 Monitouch V-sft | 2026-04-15 | 7.8 High |
| Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-4421 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 8.2 High |
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||
| CVE-2025-4422 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 8.2 High |
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||
| CVE-2025-4640 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. | ||||
| CVE-2025-42940 | 1 Sap | 1 Commoncryptolib | 2026-04-15 | 7.5 High |
| SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity. | ||||
| CVE-2025-42971 | 2026-04-15 | 4 Medium | ||
| A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application. | ||||
| CVE-2025-41237 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2026-04-15 | 9.3 Critical |
| VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | ||||
| CVE-2024-21979 | 2026-04-15 | 5.3 Medium | ||
| An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | ||||