Search Results (23276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37193 2 Krylack, Top Password Software 2 Zip Password Recovery, Zip Password Recovery 2026-04-15 7.5 High
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
CVE-2020-37191 1 Top Password Software 1 Top Password Software Dialup Password Recovery 2026-04-15 7.5 High
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.
CVE-2020-37190 1 Top Password Software 1 Top Password Firefox Password Recovery 2026-04-15 7.5 High
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.
CVE-2020-37189 1 Digitalvolcano Software 1 Taskcanvas 2026-04-15 7.5 High
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVE-2020-37188 1 Nsasoft 1 Nsauditor Spotoutlook 2026-04-15 7.5 High
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.
CVE-2020-37187 1 Nsasoft 1 Nsauditor Spotdialup 2026-04-15 7.5 High
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37185 1 Nsauditor 1 Backup Key Recovery 2026-04-15 7.5 High
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
CVE-2020-37184 1 Allok Soft 1 Allok Video Converter 2026-04-15 9.8 Critical
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.
CVE-2020-37183 1 Allok Soft 1 Allok Rm Rmvb To Avi Mpeg Dvd Converter 2026-04-15 9.8 Critical
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
CVE-2020-37182 1 Troglobit 1 Redir 2026-04-15 7.5 High
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
CVE-2020-37181 1 Torrentrockyou 1 Torrent Flv Converter 2026-04-15 9.8 Critical
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
CVE-2020-37180 1 Nsasoft 1 Nsauditor Gtalk Password Finder 2026-04-15 7.5 High
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37179 1 Nsasoft 1 Nsauditor Apkf Product Key Finder 2026-04-15 7.5 High
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
CVE-2020-37177 1 Weird Solutions 1 Bootpturbo 2026-04-15 7.5 High
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.
CVE-2010-10015 1 Aol 2 Aim, Aol 2026-04-15 N/A
AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.
CVE-2025-10259 1 Mitsubishi 1 Melsec Iq-f Series 2026-04-15 5.3 Medium
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.
CVE-2011-10032 2 Microsoft, Sunwayland 2 Windows, Forcecontrol 2026-04-15 N/A
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.
CVE-2024-35532 2026-04-15 9.1 Critical
An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors.
CVE-2024-54090 2026-04-15 5.9 Medium
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. This could allow an attacker with Medium (MED) or higher privileges to cause the device to enter an insecure cold start state.
CVE-2025-9316 1 N-able 1 N-central 2026-04-15 N/A
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.