Total
13905 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3849 | 1 Wolfssl | 1 Wolfssl | 2026-03-26 | 9.8 Critical |
| Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech. | ||||
| CVE-2026-4699 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4697 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4686 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4685 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2019-25644 | 1 Winmpg | 1 Winmpg Video Convert Local Dos Exploit | 2026-03-26 | 6.2 Medium |
| WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition. | ||||
| CVE-2019-25646 | 1 Tabslab | 1 Mailcarrier | 2026-03-26 | 9.8 Critical |
| Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload. | ||||
| CVE-2026-4706 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4708 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4709 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4713 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-28859 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-03-26 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | ||||
| CVE-2026-23359 | 1 Linux | 1 Linux Kernel | 2026-03-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAX_NEST_DEV (e.g., many macvlans), causing a stack-out-of-bounds write. Add a max parameter to get_upper_ifindexes() to avoid the issue. When there are too many upper devices, return -EOVERFLOW and abort the redirect. To reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with an XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS. Then send a packet to the device to trigger the XDP redirect path. | ||||
| CVE-2026-28825 | 1 Apple | 1 Macos | 2026-03-25 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-43010 | 2 Apple, Redhat | 11 Ios And Ipados, Ipados, Iphone Os and 8 more | 2026-03-25 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2026-20664 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-25 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-4673 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-25 | 8.8 High |
| Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4675 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-25 | 8.8 High |
| Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4746 | 1 Timeplus-io | 1 Proton | 2026-03-25 | N/A |
| Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16. | ||||
| CVE-2026-33850 | 1 Wujekfoliarz | 1 Dualsensey-v2 | 2026-03-25 | 7.8 High |
| Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54. | ||||