Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37029 | 2026-02-04 | N/A | 8.4 HIGH | ||
|
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.
|
|||||
| CVE-2020-37025 | 2026-02-04 | N/A | 8.4 HIGH | ||
|
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerable Windows systems.
|
|||||
| CVE-2020-37024 | 2026-02-04 | N/A | 8.4 HIGH | ||
|
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute shellcode.
|
|||||
| CVE-2020-37065 | 2026-02-04 | N/A | 9.8 CRITICAL | ||
|
StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the application.
|
|||||
| CVE-2020-37074 | 2026-02-04 | N/A | 9.8 CRITICAL | ||
|
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.
|
|||||
| CVE-2020-37075 | 2026-02-04 | N/A | 9.8 CRITICAL | ||
|
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file.
|
|||||
| CVE-2020-37070 | 2026-02-04 | N/A | 9.8 CRITICAL | ||
|
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
|
|||||
| CVE-2025-10666 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2026-02-03 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2020-37049 | 2026-02-03 | N/A | 8.4 HIGH | ||
|
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
|
|||||
| CVE-2020-37043 | 2026-02-03 | N/A | 9.8 CRITICAL | ||
|
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
|
|||||
| CVE-2020-37042 | 2026-02-03 | N/A | 8.4 HIGH | ||
|
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
|
|||||
| CVE-2020-37040 | 2026-02-03 | N/A | 8.4 HIGH | ||
|
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
|
|||||
| CVE-2020-37050 | 2026-02-03 | N/A | 9.8 CRITICAL | ||
|
Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
|
|||||
| CVE-2020-37036 | 2026-02-03 | N/A | 8.4 HIGH | ||
|
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
|
|||||
| CVE-2023-54328 | 1 Aimonesoft | 1 Aimone Video Converter | 2026-02-02 | N/A | 6.5 MEDIUM |
|
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
|
|||||
| CVE-2025-59947 | 1 Emqx | 1 Nanomq | 2026-01-30 | N/A | 9.0 CRITICAL |
|
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription.
|
|||||
| CVE-2021-47814 | 1 Nsasoft | 1 Nbmonitor | 2026-01-29 | N/A | 7.5 HIGH |
|
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.
|
|||||
| CVE-2026-1156 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-1155 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
|
|||||
| CVE-2026-1157 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-1158 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-1143 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-1328 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2020-37010 | 2026-01-29 | N/A | 9.8 CRITICAL | ||
|
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field.
|
|||||
| CVE-2020-36940 | 2026-01-29 | N/A | 9.8 CRITICAL | ||
|
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
|
|||||
| CVE-2020-36995 | 2026-01-29 | N/A | 7.5 HIGH | ||
|
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.
|
|||||
| CVE-2020-36994 | 2026-01-29 | N/A | 6.2 MEDIUM | ||
|
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
|
|||||
| CVE-2026-1420 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-28 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
|
|||||
| CVE-2025-14187 | 2026-01-28 | 8.3 HIGH | 7.2 HIGH | ||
|
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-47334 | 1 Qualcomm | 292 Csra6620, Csra6620 Firmware, Csra6640 and 289 more | 2026-01-27 | N/A | 6.7 MEDIUM |
|
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
|
|||||
| CVE-2025-47335 | 1 Qualcomm | 90 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 87 more | 2026-01-27 | N/A | 6.7 MEDIUM |
|
Memory corruption while parsing clock configuration data for a specific hardware type.
|
|||||
| CVE-2025-47321 | 1 Qualcomm | 230 Ar8031, Ar8031 Firmware, Ar8035 and 227 more | 2026-01-27 | N/A | 7.8 HIGH |
|
Memory corruption while copying packets received from unix clients.
|
|||||
| CVE-2025-47388 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
|
Memory corruption while passing pages to DSP with an unaligned starting address.
|
|||||
| CVE-2025-47394 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
|
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
|
|||||
| CVE-2026-24823 | 2026-01-27 | N/A | N/A | ||
|
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C.
This issue affects X-TRACK: through v2.7.
|
|||||
| CVE-2026-24800 | 2026-01-27 | N/A | N/A | ||
|
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
|
|||||
| CVE-2026-24799 | 2026-01-27 | N/A | N/A | ||
|
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C.
This issue affects dlib: before v19.24.9.
|
|||||
| CVE-2026-24810 | 2026-01-27 | N/A | N/A | ||
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc.
This issue affects rethinkdb: through v2.4.4.
|
|||||
| CVE-2026-24344 | 2026-01-27 | N/A | N/A | ||
|
Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution
|
|||||
| CVE-2021-47854 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
|
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.
|
|||||