Total
3937 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24004 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 5.2 Medium |
| A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog. | ||||
| CVE-2018-9387 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-39134 | 2 Gdraheim, Zziplib | 2 Zziplib, Zziplib | 2025-07-10 | 7.5 High |
| A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. | ||||
| CVE-2025-6393 | 1 Totolink | 8 A3002r, A3002r Firmware, A3002ru and 5 more | 2025-07-09 | 8.8 High |
| A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-44951 | 1 Open5gs | 1 Open5gs | 2025-07-09 | 7.1 High |
| A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32. | ||||
| CVE-2025-44952 | 1 Open5gs | 1 Open5gs | 2025-07-09 | 7.8 High |
| A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101. | ||||
| CVE-2025-29625 | 1 Astrolog | 1 Astrolog | 2025-07-09 | 7.8 High |
| A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function. | ||||
| CVE-2022-24512 | 3 Fedoraproject, Microsoft, Redhat | 8 Fedora, .net, .net Core and 5 more | 2025-07-08 | 6.3 Medium |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-6825 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-08 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6881 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-07-08 | 8.8 High |
| A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47248 | 1 Apache | 1 Nimble | 2025-07-08 | 6.3 Medium |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | ||||
| CVE-2024-40084 | 1 Viloliving | 3 Vilo 5, Vilo 5 Firmware, Vilo 5 Mesh Wifi System Firmware | 2025-07-07 | 9.6 Critical |
| A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | ||||
| CVE-2024-33365 | 2 Tenda, Tendacn | 3 Ac10, Ac10 Firmware, Ac10 Firmware | 2025-07-07 | 7.5 High |
| Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. | ||||
| CVE-2025-6939 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6940 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50258 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 8.1 High |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. | ||||
| CVE-2025-50262 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.5 High |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. | ||||
| CVE-2025-50641 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 6.5 Medium |
| Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | ||||
| CVE-2025-6953 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6824 | 1 Totolink | 2 X15, X15 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||