Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-25711 SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. A... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34540 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() whe... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34539 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34537 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exe... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34536 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed()... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34552 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code perform... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25653 Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection d... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25625 Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a te... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-33574 OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy o... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25227 Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-40312 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicou... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-29628 A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file. | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25618 AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25586 Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25659 ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25660 LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feat... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25665 River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25666 SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 strin... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25557 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp fil... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25595 jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attack... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers c... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25599 Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25601 UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25616 AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into th... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25546 NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a den... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25547 NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious b... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25551 Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attack... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25620 Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25621 Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25622 Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a t... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25623 Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create ... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25585 Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffe... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25583 RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buff... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25584 RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Att... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-30006 XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-30007 XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file | 6.2 | MEDIUM | — | 0 |
| CVE-2026-33320 Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20699 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-12708 IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25632 phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. At... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20637 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-64646 IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-40115 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-40169 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a ya... | 6.2 | MEDIUM | — | 0 |
| CVE-2016-20050 NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-29976 Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function | 6.2 | MEDIUM | — | 0 |
| CVE-2026-20695 An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kerne... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-71280 XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensi... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-35480 go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I... | 6.2 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.