Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24003 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 8.2 HIGH |
|
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
|
|||||
| CVE-2025-24004 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 5.2 MEDIUM |
|
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
|
|||||
| CVE-2018-9387 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-39134 | 1 Gdraheim | 1 Zziplib | 2025-07-10 | N/A | 7.5 HIGH |
|
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
|
|||||
| CVE-2025-6393 | 1 Totolink | 8 A3002r, A3002r Firmware, A3002ru and 5 more | 2025-07-09 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-44952 | 1 Open5gs | 1 Open5gs | 2025-07-09 | N/A | 7.8 HIGH |
|
A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.
|
|||||
| CVE-2025-29625 | 1 Astrolog | 1 Astrolog | 2025-07-09 | N/A | 7.8 HIGH |
|
A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.
|
|||||
| CVE-2025-6825 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-08 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6881 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-07-08 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-47248 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 6.3 MEDIUM |
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
|
|||||
| CVE-2024-40084 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
|
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.
|
|||||
| CVE-2024-33365 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-07-07 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.
|
|||||
| CVE-2025-6939 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6940 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-50258 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
|
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.
|
|||||
| CVE-2025-50262 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 7.5 HIGH |
|
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.
|
|||||
| CVE-2025-50263 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
|
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.
|
|||||
| CVE-2025-50641 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
|
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
|
|||||
| CVE-2025-6953 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2025-07-03 | N/A | 7.5 HIGH |
|
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
|
|||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2025-07-03 | N/A | 7.5 HIGH |
|
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
|
|||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-03 | N/A | 9.8 CRITICAL |
|
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.
|
|||||
| CVE-2024-31670 | 1 Rizin | 1 Rizin | 2025-07-02 | N/A | 6.3 MEDIUM |
|
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.
|
|||||
| CVE-2025-6129 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-07-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-57376 | 1 Dlink | 12 Dsr-1000n, Dsr-1000n Firmware, Dsr-150 and 9 more | 2025-07-01 | N/A | 8.8 HIGH |
|
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.
|
|||||
| CVE-2024-29645 | 1 Radare | 1 Radare2 | 2025-07-01 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.
|
|||||
| CVE-2025-1864 | 1 Radare | 1 Radare2 | 2025-07-01 | N/A | 9.8 CRITICAL |
|
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.
|
|||||
| CVE-2024-46657 | 1 Artifex | 1 Mupdf | 2025-07-01 | N/A | 5.5 MEDIUM |
|
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
|
|||||
| CVE-2025-6824 | 1 Totolink | 2 X15, X15 Firmware | 2025-07-01 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-28904 | 2025-06-30 | N/A | 5.2 MEDIUM | ||
|
A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process.
|
|||||
| CVE-2025-6751 | 2025-06-30 | 9.0 HIGH | 8.8 HIGH | ||
|
A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-41418 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
|
Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.
|
|||||
| CVE-2023-46012 | 1 Linksys | 2 Ea7500, Ea7500 Firmware | 2025-06-30 | N/A | 9.8 CRITICAL |
|
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.
|
|||||
| CVE-2024-57184 | 1 Gpac | 1 Gpac | 2025-06-27 | N/A | 5.5 MEDIUM |
|
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
|
|||||
| CVE-2025-0725 | 3 Haxx, Netapp, Zlib | 12 Curl, Libcurl, Hci Baseboard Management Controller and 9 more | 2025-06-27 | N/A | 7.3 HIGH |
|
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
|
|||||
| CVE-2021-23159 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | N/A | 5.5 MEDIUM |
|
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
|
|||||
| CVE-2021-3643 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | 6.4 MEDIUM | 9.1 CRITICAL |
|
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
|
|||||
| CVE-2021-23172 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | N/A | 5.5 MEDIUM |
|
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.
|
|||||
| CVE-2025-1367 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-1368 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 1.4 LOW | 2.3 LOW |
|
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||