Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20698 | 2 Google, Mediatek | 40 Android, Mt2718, Mt6739 and 37 more | 2025-08-18 | N/A | 6.7 MEDIUM |
|
In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.
|
|||||
| CVE-2023-42131 | 1 Ansys | 1 Spaceclaim | 2025-08-18 | N/A | 7.8 HIGH |
|
Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a writ ...
Show More |
|||||
| CVE-2023-44428 | 1 Musescore | 1 Musescore | 2025-08-18 | N/A | 7.8 HIGH |
|
MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CAP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ...
Show More |
|||||
| CVE-2023-50234 | 1 Hancom | 1 Office Cell | 2025-08-15 | N/A | 7.8 HIGH |
|
Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data p ...
Show More |
|||||
| CVE-2024-13046 | 1 Ashlar | 1 Cobalt | 2025-08-15 | N/A | 7.8 HIGH |
|
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in ...
Show More |
|||||
| CVE-2021-30188 | 2 Codesys, Wago | 55 V2 Runtime System Sp, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
|
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
|
|||||
| CVE-2021-30189 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
|
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
|
|||||
| CVE-2021-30193 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
|
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
|
|||||
| CVE-2021-34583 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
|
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
|
|||||
| CVE-2021-30186 | 2 Codesys, Wago | 56 Plcwinnt, Runtime Toolkit, 750-8202 and 53 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
|
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
|
|||||
| CVE-2025-53741 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-53737 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-53732 | 1 Microsoft | 1 Office | 2025-08-15 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-1051 | 1 Sonos | 2 Era 300, Era 300 Firmware | 2025-08-15 | N/A | 8.8 HIGH |
|
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to exe ...
Show More |
|||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 6.3 MEDIUM |
|
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2023-50235 | 1 Hancom | 1 Office Show | 2025-08-14 | N/A | 7.8 HIGH |
|
Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data p ...
Show More |
|||||
| CVE-2025-6663 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-14 | N/A | 7.8 HIGH |
|
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to ...
Show More |
|||||
| CVE-2021-34947 | 1 Netgear | 82 D7800, D7800 Firmware, Ex2700 and 79 more | 2025-08-14 | N/A | 8.8 HIGH |
|
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An a ...
Show More |
|||||
| CVE-2021-34982 | 1 Netgear | 104 D6220, D6220 Firmware, D6400 and 101 more | 2025-08-14 | N/A | 8.8 HIGH |
|
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to cop ...
Show More |
|||||
| CVE-2025-24014 | 2 Netapp, Vim | 3 Hci Compute Node, Hci Compute Node Firmware, Vim | 2025-08-14 | N/A | 4.2 MEDIUM |
|
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable has ...
Show More |
|||||
| CVE-2025-49569 | 1 Adobe | 1 Substance 3d Viewer | 2025-08-14 | N/A | 7.8 HIGH |
|
Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49570 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-08-14 | N/A | 7.8 HIGH |
|
Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54222 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-08-14 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-5481 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-08-14 | N/A | 7.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can resu ...
Show More |
|||||
| CVE-2025-49563 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-08-14 | N/A | 7.8 HIGH |
|
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2018-17095 | 2 Audiofile, Canonical | 2 Audiofile, Ubuntu Linux | 2025-08-13 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
|
|||||
| CVE-2025-54221 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54218 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54216 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54215 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54206 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54210 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54208 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54187 | 1 Adobe | 1 Substance 3d Painter | 2025-08-13 | N/A | 7.8 HIGH |
|
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49572 | 1 Adobe | 1 Substance 3d Modeler | 2025-08-13 | N/A | 7.8 HIGH |
|
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49573 | 1 Adobe | 1 Substance 3d Modeler | 2025-08-13 | N/A | 7.8 HIGH |
|
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54213 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-13 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-3887 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2025-08-13 | N/A | 8.8 HIGH |
|
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior t ...
Show More |
|||||