Total
2717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15233 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-05 | 8.8 High |
| A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-15247 | 1 Gmg137 | 1 Snap7-rs | 2026-01-05 | 7.3 High |
| A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2025-11961 | 1 Tcpdump | 1 Libpcap | 2026-01-05 | 1.9 Low |
| pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-01-02 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59191 | 1 Microsoft | 23 Connected Devices Platform Service, Windows, Windows 10 and 20 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58725 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-01-02 | 7 High |
| Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55697 | 1 Microsoft | 7 Azure, Azure Local, Windows Server and 4 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59295 | 1 Microsoft | 31 Internet Explorer, Windows, Windows 10 and 28 more | 2026-01-02 | 8.8 High |
| Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59255 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59254 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59242 | 1 Microsoft | 26 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 23 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58722 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62201 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-60724 | 1 Microsoft | 31 Graphics Component, Office, Office For Mac and 28 more | 2026-01-02 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-60715 | 1 Microsoft | 28 Remote, Windows, Windows 10 and 25 more | 2026-01-02 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-60714 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2026-01-02 | 7.8 High |
| Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62452 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2026-01-02 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-62220 | 1 Microsoft | 3 Windows, Windows Subsystem For Linux, Windows Subsystem For Linux Gui | 2026-01-02 | 8.8 High |
| Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59504 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-01-02 | 7.3 High |
| Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-67873 | 1 Capstone-engine | 1 Capstone | 2026-01-02 | 4.8 Medium |
| Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue. | ||||