Total
3989 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14535 | 1 Utt | 1 512w | 2025-12-12 | 9.8 Critical |
| A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-36924 | 1 Google | 1 Android | 2025-12-12 | 8 High |
| In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36927 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36928 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36930 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36931 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36917 | 1 Google | 1 Android | 2025-12-12 | 6.5 Medium |
| In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-14534 | 1 Utt | 1 512w | 2025-12-12 | 9.8 Critical |
| A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14526 | 1 Tenda | 1 Ch22 | 2025-12-12 | 8.8 High |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-65288 | 2 Mercury, Mercurycom | 3 Mr816v2, Mr816, Mr816 Firmware | 2025-12-12 | 6.5 Medium |
| A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long hostname can overflow the buffer, cause a crash (DoS) and potentially enabling remote code execution. | ||||
| CVE-2025-14139 | 1 Utt | 2 520w, 520w Firmware | 2025-12-12 | 5.7 Medium |
| A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName leads to buffer overflow. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14140 | 1 Utt | 2 520w, 520w Firmware | 2025-12-12 | 6.5 Medium |
| A vulnerability was detected in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14141 | 1 Utt | 2 520w, 520w Firmware | 2025-12-11 | 8.8 High |
| A flaw has been found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of the argument pools can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-66287 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-12-11 | 8.8 High |
| A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | ||||
| CVE-2025-64053 | 2 Fanvil, Tenda | 3 X210 V2, X210, X210 Firmware | 2025-12-10 | 7.5 High |
| A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. | ||||
| CVE-2025-14310 | 1 Rethinkdb | 1 Rethinkdb | 2025-12-10 | N/A |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4. | ||||
| CVE-2021-47347 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size. | ||||
| CVE-2022-37055 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-12-09 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | ||||
| CVE-2025-14191 | 1 Utt | 1 512w | 2025-12-08 | 8.8 High |
| A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8854 | 2 Bullet3 Project, Bulletphysics | 2 Bullet3, Pybullet | 2025-12-08 | 9.8 Critical |
| Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function. | ||||