Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15430 | 1 Utt | 2 512w, 512w Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing a manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-33130 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-20 | N/A | 6.5 MEDIUM |
|
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.
|
|||||
| CVE-2020-37204 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
|
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
|
|||||
| CVE-2020-37205 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
|
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
|
|||||
| CVE-2020-37209 | 1 Nsasoft | 1 Spotftp | 2026-02-20 | N/A | 7.5 HIGH |
|
SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2020-37170 | 1 Raimersoft | 1 Tapinradio | 2026-02-19 | N/A | 6.2 MEDIUM |
|
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
|
|||||
| CVE-2020-37171 | 1 Raimersoft | 1 Tapinradio | 2026-02-19 | N/A | 6.2 MEDIUM |
|
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
|
|||||
| CVE-2020-37164 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
|
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
|
|||||
| CVE-2026-25994 | 1 Pjsip | 1 Pjsip | 2026-02-19 | N/A | 9.8 CRITICAL |
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.
|
|||||
| CVE-2020-37166 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
|
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
|
|||||
| CVE-2020-37165 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
|
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
|
|||||
| CVE-2019-25349 | 2026-02-19 | N/A | 7.5 HIGH | ||
|
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
|
|||||
| CVE-2019-25354 | 2026-02-19 | N/A | 7.5 HIGH | ||
|
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
|
|||||
| CVE-2019-25353 | 2026-02-19 | N/A | 7.5 HIGH | ||
|
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
|
|||||
| CVE-2025-70314 | 1 Ourway | 1 Webfsd | 2026-02-18 | N/A | 9.8 CRITICAL |
|
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
|
|||||
| CVE-2023-31979 | 1 Fossies | 1 Catdoc | 2026-02-18 | N/A | 7.8 HIGH |
|
Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.
|
|||||
| CVE-2026-1110 | 1 Cijliu | 1 Librtsp | 2026-02-18 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2020-37201 | 1 Nsasoft | 1 Netsharewatcher | 2026-02-17 | N/A | 7.5 HIGH |
|
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2026-24793 | 1 Azerothcore | 1 Azerothcore | 2026-02-17 | N/A | 9.8 CRITICAL |
|
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C.
This issue affects azerothcore-wotlk: through v4.0.0.
|
|||||
| CVE-2026-1108 | 1 Cijliu | 1 Librtsp | 2026-02-17 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-1109 | 1 Cijliu | 1 Librtsp | 2026-02-17 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-2068 | 1 Utt | 2 520w, 520w Firmware | 2026-02-13 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-2070 | 1 Utt | 2 520w, 520w Firmware | 2026-02-13 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-2071 | 1 Utt | 2 520w, 520w Firmware | 2026-02-13 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-37020 | 1 Hp | 52 Elite Slice, Elite Slice Firmware, Elite Slice For Meeting Rooms and 49 more | 2026-02-13 | N/A | 6.8 MEDIUM |
|
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
|
|||||
| CVE-2020-37175 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
|
|||||
| CVE-2020-37187 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2020-37188 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.
|
|||||
| CVE-2020-37180 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
|
|||||
| CVE-2020-37203 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.
|
|||||
| CVE-2020-37194 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.
|
|||||
| CVE-2020-37215 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.
|
|||||
| CVE-2020-37193 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
|
|||||
| CVE-2020-37191 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.
|
|||||
| CVE-2020-37189 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
|
|||||
| CVE-2020-37190 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.
|
|||||
| CVE-2020-37195 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2020-37213 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.
|
|||||
| CVE-2020-37185 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
|
|||||
| CVE-2020-37202 | 2026-02-12 | N/A | 7.5 HIGH | ||
|
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
|
|||||