Total
3804 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8136 | 1 Totolink | 2 A702r, A702r Firmware | 2025-08-04 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46714 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | 7.8 High |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue. | ||||
| CVE-2025-46713 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | 7.8 High |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue. | ||||
| CVE-2023-38559 | 4 Artifex, Debian, Fedoraproject and 1 more | 4 Ghostscript, Debian Linux, Fedora and 1 more | 2025-08-03 | 5.5 Medium |
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | ||||
| CVE-2025-6337 | 1 Totolink | 4 A3002r, A3002r Firmware, A3002ru and 1 more | 2025-08-01 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53712 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-08-01 | 7.5 High |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-53713 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-08-01 | 7.5 High |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-53711 | 1 Tp-link | 5 Tl-wr841n, Tl-wr841n(eu), Tl-wr841n Firmware and 2 more | 2025-08-01 | 7.5 High |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-46847 | 2 Redhat, Squid-cache | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2025-08-01 | 8.6 High |
| Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | ||||
| CVE-2025-20115 | 1 Cisco | 2 Ios Xr, Ios Xr Software | 2025-08-01 | 8.6 High |
| A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. | ||||
| CVE-2025-29360 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29359 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29358 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-8168 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2025-07-31 | 8.8 High |
| A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-8169 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2025-07-31 | 8.8 High |
| A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-1253 | 1 Rti | 1 Connext Professional | 2025-07-31 | 7.8 High |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | ||||
| CVE-2023-52735 | 2 Linux, Redhat | 2 Linux Kernel, Rhel Eus | 2025-07-30 | 9.1 Critical |
| In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ | ||||
| CVE-2004-0210 | 1 Microsoft | 3 Interix, Windows 2000, Windows Nt | 2025-07-30 | 7.8 High |
| The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. | ||||
| CVE-2006-2492 | 1 Microsoft | 2 Office, Works Suite | 2025-07-30 | 8.8 High |
| Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | ||||
| CVE-2007-5659 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2025-07-30 | 7.8 High |
| Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||