Total
3691 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5608 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5607 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-38583 | 1 Tonybybell | 1 Gtkwave | 2025-06-17 | 7.8 High |
| A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2025-5735 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5671 | 1 Totolink | 2 N302r Plus, N302r Plus Firmware | 2025-06-17 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5672 | 1 Totolink | 2 N302r Plus, N302r Plus Firmware | 2025-06-17 | 8.8 High |
| A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5734 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5736 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5737 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5738 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5739 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46035 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | 7.5 High |
| Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint | ||||
| CVE-2023-45043 | 1 Qnap | 2 Qts, Quts Hero | 2025-06-17 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later | ||||
| CVE-2023-45042 | 1 Qnap | 2 Qts, Quts Hero | 2025-06-17 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later | ||||
| CVE-2023-45040 | 1 Qnap | 2 Qts, Quts Hero | 2025-06-17 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later | ||||
| CVE-2023-52304 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-17 | 8.2 High |
| Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||||
| CVE-2022-36587 | 1 Tenda | 2 G3, G3 Firmware | 2025-06-17 | 9.8 Critical |
| In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary. | ||||
| CVE-2022-31414 | 1 Dlink | 2 Dir-1960, Dir-1960 Firmware | 2025-06-17 | 7.5 High |
| D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. This vulnerability allowed attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2023-33113 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2025-06-17 | 8.4 High |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. | ||||
| CVE-2025-45864 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | 5.4 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. | ||||