Total
3779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6634 | 2025-08-06 | 7.8 High | ||
| A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-27072 | 2025-08-06 | 5.5 Medium | ||
| Information disclosure while processing a packet at EAVB BE side with invalid header length. | ||||
| CVE-2025-54632 | 2025-08-06 | 6.8 Medium | ||
| Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2025-27071 | 2025-08-06 | 7.3 High | ||
| Memory corruption while processing specific files in Powerline Communication Firmware. | ||||
| CVE-2024-5305 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 7.8 High |
| Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921. | ||||
| CVE-2025-36557 | 1 F5 | 14 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 11 more | 2025-08-06 | 7.5 High |
| When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2013-1424 | 1 Debian | 1 Matplotlib | 2025-08-06 | 5.6 Medium |
| Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | ||||
| CVE-2025-5037 | 1 Autodesk | 1 Revit | 2025-08-06 | 7.8 High |
| A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | ||||
| CVE-2024-5243 | 2 Tp-link, Tp Link | 3 Omada Er605, Omada Er605 Firmware, Omada Er605 | 2025-08-06 | 7.5 High |
| TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523. | ||||
| CVE-2012-10035 | 2025-08-05 | N/A | ||
| Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges. | ||||
| CVE-2025-8160 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-05 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8180 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-08-05 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-20846 | 1 Cisco | 2 Ios Xr, Ios Xr Software | 2025-08-05 | 4.3 Medium |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see . | ||||
| CVE-2025-49464 | 1 Zoom | 1 Zoom | 2025-08-05 | 6.5 Medium |
| Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access. | ||||
| CVE-2025-7345 | 1 Redhat | 1 Enterprise Linux | 2025-08-05 | 7.5 High |
| A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | ||||
| CVE-2024-5463 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-08-04 | 6.5 Medium |
| A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500. | ||||
| CVE-2025-8136 | 1 Totolink | 2 A702r, A702r Firmware | 2025-08-04 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46714 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | 7.8 High |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue. | ||||
| CVE-2025-46713 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | 7.8 High |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue. | ||||