Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54245 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | N/A | 7.8 HIGH |
|
Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54243 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | N/A | 7.8 HIGH |
|
Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47206 | 1 Qnap | 1 File Station | 2025-09-12 | N/A | 8.1 HIGH |
|
An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4933 and later
|
|||||
| CVE-2025-9300 | 1 Libsixel Project | 1 Libsixel | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
|
|||||
| CVE-2025-21034 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
|
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
|
|||||
| CVE-2025-9175 | 1 Neurobin | 1 Shc | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-9001 | 1 Lemonos | 1 Lemonos | 2025-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-9019 | 1 Broadcom | 1 Tcpreplay | 2025-09-11 | 2.6 LOW | 3.1 LOW |
|
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. Th ...
Show More |
|||||
| CVE-2025-58050 | 1 Pcre | 1 Pcre2 | 2025-09-09 | N/A | 9.1 CRITICAL |
|
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable ...
Show More |
|||||
| CVE-2025-32316 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
|
In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-0034 | 2025-09-08 | N/A | 4.7 MEDIUM | ||
|
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.
|
|||||
| CVE-2025-0010 | 2025-09-08 | N/A | 6.1 MEDIUM | ||
|
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
|
|||||
| CVE-2021-26383 | 2025-09-08 | N/A | 7.9 HIGH | ||
|
Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability.
|
|||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2025-09-05 | N/A | 5.5 MEDIUM |
|
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.
|
|||||
| CVE-2025-9732 | 1 Offis | 1 Dcmtk | 2025-09-05 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
|
|||||
| CVE-2025-48540 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-49739 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
|
In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21475 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
|
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-21476 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
|
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2024-56190 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36887 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36897 | 1 Google | 1 Android | 2025-09-05 | N/A | 9.8 CRITICAL |
|
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36903 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36907 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.3 HIGH |
|
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2025-36908 | 1 Google | 1 Android | 2025-09-05 | N/A | 6.7 MEDIUM |
|
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-9748 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.
|
|||||
| CVE-2024-49730 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
|
In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-9791 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2024-43689 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2025-09-04 | N/A | 9.8 CRITICAL |
|
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
|
|||||
| CVE-2018-20655 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2025-09-03 | 7.5 HIGH | 9.8 CRITICAL |
|
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.
|
|||||
| CVE-2018-6349 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2025-09-03 | 7.5 HIGH | 9.8 CRITICAL |
|
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.
|
|||||
| CVE-2024-42987 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-09-02 | N/A | 7.5 HIGH |
|
Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be l ...
Show More |
|||||
| CVE-2023-6816 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux Desktop and 4 more | 2025-08-29 | N/A | 9.8 CRITICAL |
|
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
|
|||||
| CVE-2024-0409 | 4 Fedoraproject, Redhat, Tigervnc and 1 more | 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more | 2025-08-29 | N/A | 7.8 HIGH |
|
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
|
|||||
| CVE-2022-2320 | 1 X.org | 1 X Server | 2025-08-29 | N/A | 7.8 HIGH |
|
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
|
|||||
| CVE-2020-17131 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2025-08-28 | 5.1 MEDIUM | 4.2 MEDIUM |
|
Chakra Scripting Engine Memory Corruption Vulnerability
|
|||||
| CVE-2020-36518 | 4 Debian, Fasterxml, Netapp and 1 more | 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more | 2025-08-27 | 5.0 MEDIUM | 7.5 HIGH |
|
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
|
|||||
| CVE-2024-27372 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-08-27 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-7674 | 1 Autodesk | 1 Navisworks | 2025-08-26 | N/A | 7.8 HIGH |
|
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
|
|||||
| CVE-2024-7672 | 1 Autodesk | 1 Navisworks | 2025-08-26 | N/A | 7.8 HIGH |
|
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
|
|||||