Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1755 | 1 Computy | 1 Nps Computy | 2025-05-08 | N/A | 8.8 HIGH |
|
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
|
|||||
| CVE-2025-28221 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-05-08 | N/A | 7.5 HIGH |
|
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
|
|||||
| CVE-2024-12194 | 1 Autodesk | 1 Navisworks | 2025-05-08 | N/A | 7.8 HIGH |
|
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
|
|||||
| CVE-2021-42553 | 1 St | 1 Stm32 Mw Usb Host | 2025-05-07 | N/A | 6.8 MEDIUM |
|
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.
|
|||||
| CVE-2024-58106 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 4.6 MEDIUM |
|
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-58107 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 7.5 HIGH |
|
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-58108 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 4.6 MEDIUM |
|
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-58109 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 4.6 MEDIUM |
|
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-58110 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 4.6 MEDIUM |
|
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2025-3988 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-25662 | 1 Tenda | 2 O4, O4 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.
|
|||||
| CVE-2025-3148 | 1 Code-projects | 1 Product Management System | 2025-05-07 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50996 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51003 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2021-40241 | 1 Xfig Project | 1 Xfig | 2025-05-07 | N/A | 9.8 CRITICAL |
|
xfig 3.2.7 is vulnerable to Buffer Overflow.
|
|||||
| CVE-2025-28018 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.
|
|||||
| CVE-2025-28019 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component
|
|||||
| CVE-2025-28020 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
|
|||||
| CVE-2025-28021 | 1 Totolink | 2 A810r, A810r Firmware | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters
|
|||||
| CVE-2025-28022 | 1 Totolink | 2 A810r, A810r Firmware | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
|
|||||
| CVE-2025-28025 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.
|
|||||
| CVE-2025-28028 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | N/A | 7.3 HIGH |
|
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.
|
|||||
| CVE-2022-43752 | 2 Common Desktop Environment Project, Oracle | 2 Common Desktop Environment, Solaris | 2025-05-06 | N/A | 7.8 HIGH |
|
Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.
|
|||||
| CVE-2025-28220 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-05-06 | N/A | 7.5 HIGH |
|
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
|
|||||
| CVE-2022-32941 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | N/A | 9.8 CRITICAL |
|
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
|
|||||
| CVE-2023-52346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | N/A | 4.4 MEDIUM |
|
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed
|
|||||
| CVE-2024-50839 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
|
|||||
| CVE-2024-50840 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
|
|||||
| CVE-2024-50838 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
|
|||||
| CVE-2024-25165 | 1 Swftools | 1 Swftools | 2025-05-05 | N/A | 7.8 HIGH |
|
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.
|
|||||
| CVE-2022-23219 | 3 Debian, Gnu, Oracle | 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
|
|||||
| CVE-2022-23218 | 3 Debian, Gnu, Oracle | 4 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
|
|||||
| CVE-2021-38111 | 1 Defcon | 2 Def Con 27, Def Con 27 Firmware | 2025-05-05 | 5.8 MEDIUM | 8.8 HIGH |
|
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.
|
|||||
| CVE-2021-0115 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2025-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-34244 | 1 Libmodbus | 1 Libmodbus | 2025-05-05 | N/A | 7.5 HIGH |
|
libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.
|
|||||
| CVE-2024-35099 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-05-05 | N/A | 9.8 CRITICAL |
|
TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
|
|||||
| CVE-2023-29468 | 1 Ti | 1 Wilink8-wifi-mcp8 | 2025-05-05 | N/A | 9.8 CRITICAL |
|
The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.
|
|||||
| CVE-2023-28772 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 6.7 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
|
|||||
| CVE-2023-28214 | 1 Apple | 1 Macos | 2025-05-05 | N/A | 7.8 HIGH |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
|
|||||
| CVE-2023-28213 | 1 Apple | 1 Macos | 2025-05-05 | N/A | 7.8 HIGH |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
|
|||||