Total
2901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36855 | 1 Offis | 1 Dcmtk | 2025-10-31 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-8851 | 1 Libtiff | 1 Libtiff | 2025-10-30 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2025-61128 | 2025-10-30 | N/A | 9.1 CRITICAL | ||
|
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
|
|||||
| CVE-2024-45162 | 2025-10-30 | N/A | 9.8 CRITICAL | ||
|
A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
|
|||||
| CVE-2025-61577 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-10-29 | N/A | 7.5 HIGH |
|
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2025-60341 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2022-23460 | 1 Hjiang | 1 Json\+\+ | 2025-10-28 | N/A | 5.9 MEDIUM |
|
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.
|
|||||
| CVE-2025-62579 | 1 Deltaww | 1 Asda Soft | 2025-10-28 | N/A | 7.8 HIGH |
|
ASDA-Soft Stack-based Buffer Overflow Vulnerability
|
|||||
| CVE-2025-62580 | 1 Deltaww | 1 Asda Soft | 2025-10-28 | N/A | 7.8 HIGH |
|
ASDA-Soft Stack-based Buffer Overflow Vulnerability
|
|||||
| CVE-2025-60566 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
|
|||||
| CVE-2025-12210 | 1 Tenda | 2 O3, O3 Firmware1.0.0.10\(2478\) | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-20352 | 1 Cisco | 3 Ios, Ios Xe, Ios Xe Sd-wan | 2025-10-28 | N/A | 7.7 HIGH |
|
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following:
An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials.
An authenticated, remote attacker ...
Show More |
|||||
| CVE-2022-20699 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2025-10-28 | 10.0 HIGH | 10.0 CRITICAL |
|
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2022-20700 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2025-10-28 | 10.0 HIGH | 10.0 CRITICAL |
|
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2022-20701 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2025-10-28 | 7.2 HIGH | 10.0 CRITICAL |
|
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2022-20703 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2025-10-28 | 7.2 HIGH | 10.0 CRITICAL |
|
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2022-20708 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2025-10-28 | 10.0 HIGH | 10.0 CRITICAL |
|
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2025-60568 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
|
|||||
| CVE-2025-60569 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
|
|||||
| CVE-2025-60570 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
|
|||||
| CVE-2025-60571 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
|
|||||
| CVE-2025-60572 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
|
|||||
| CVE-2025-60547 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.
|
|||||
| CVE-2025-60549 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.
|
|||||
| CVE-2025-60550 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
|
|||||
| CVE-2025-60551 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.
|
|||||
| CVE-2025-60552 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.
|
|||||
| CVE-2025-60557 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.
|
|||||
| CVE-2025-60555 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.
|
|||||
| CVE-2025-60556 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.
|
|||||
| CVE-2025-60559 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
|
|||||
| CVE-2025-60558 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
|
|||||
| CVE-2025-60561 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
|
|||||
| CVE-2025-60562 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
|
|||||
| CVE-2025-60564 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.
|
|||||
| CVE-2025-60565 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
|
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
|
|||||
| CVE-2025-12213 | 1 Tenda | 2 O3, O3 Firmware1.0.0.10\(2478\) | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-12225 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-12241 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-12258 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.
|
|||||