Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5635 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2025-06-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5609 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5608 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5607 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5735 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5671 | 1 Totolink | 2 N302r Plus, N302r Plus Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5672 | 1 Totolink | 2 N302r Plus, N302r Plus Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5734 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5736 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5737 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5738 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5739 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-46035 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
|
|||||
| CVE-2022-36587 | 1 Tenda | 2 G3, G3 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
|
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary.
|
|||||
| CVE-2022-31414 | 1 Dlink | 2 Dir-1960, Dir-1960 Firmware | 2025-06-17 | N/A | 7.5 HIGH |
|
D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. This vulnerability allowed attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
|
|||||
| CVE-2025-45864 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 5.4 MEDIUM |
|
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
|
|||||
| CVE-2025-45866 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 5.4 MEDIUM |
|
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
|
|||||
| CVE-2025-6113 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-33820 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 7.5 HIGH |
|
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.
|
|||||
| CVE-2023-40830 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
|
Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.
|
|||||
| CVE-2024-46292 | 1 Trustwave | 1 Modsecurity | 2025-06-17 | N/A | 7.5 HIGH |
|
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
|
|||||
| CVE-2024-45184 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-06-17 | N/A | 6.2 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service.
|
|||||
| CVE-2024-22912 | 1 Swftools | 1 Swftools | 2025-06-17 | N/A | 7.8 HIGH |
|
A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.
|
|||||
| CVE-2024-29243 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
|
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.
|
|||||
| CVE-2024-29244 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
|
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.
|
|||||
| CVE-2024-29646 | 1 Radare | 1 Radare2 | 2025-06-17 | N/A | 9.8 CRITICAL |
|
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
|
|||||
| CVE-2024-35410 | 1 Kanaka | 1 Wac | 2025-06-17 | N/A | 6.2 MEDIUM |
|
wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
|
|||||
| CVE-2024-35418 | 1 Kanaka | 1 Wac | 2025-06-17 | N/A | 6.2 MEDIUM |
|
wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
|
|||||
| CVE-2024-35419 | 1 Kanaka | 1 Wac | 2025-06-17 | N/A | 5.5 MEDIUM |
|
wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
|
|||||
| CVE-2024-35420 | 1 Kanaka | 1 Wac | 2025-06-17 | N/A | 6.2 MEDIUM |
|
wac commit 385e1 was discovered to contain a heap overflow.
|
|||||
| CVE-2024-52533 | 3 Debian, Gnome, Netapp | 4 Debian Linux, Glib, Active Iq Unified Manager and 1 more | 2025-06-17 | N/A | 9.8 CRITICAL |
|
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
|
|||||
| CVE-2024-33783 | 1 Csiro | 1 Multi-protocol Spdz | 2025-06-16 | N/A | 6.5 MEDIUM |
|
MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.
|
|||||
| CVE-2024-33780 | 1 Csiro | 1 Multi-protocol Spdz | 2025-06-16 | N/A | 6.5 MEDIUM |
|
MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.
|
|||||
| CVE-2024-22749 | 1 Gpac | 1 Gpac | 2025-06-16 | N/A | 7.8 HIGH |
|
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
|
|||||
| CVE-2023-32401 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 7.8 HIGH |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2025-45859 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-16 | N/A | 5.4 MEDIUM |
|
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
|
|||||
| CVE-2025-5907 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5908 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5909 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5910 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||