Total
3886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54632 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 6.8 Medium |
| Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2025-10666 | 2 D-link, Dlink | 3 Dir-825, Dir-825, Dir-825 Firmware | 2025-09-19 | 8.8 High |
| A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 8.8 High |
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2023-47430 | 1 Readymedia Project | 1 Readymedia | 2025-09-19 | 6.5 Medium |
| Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c. | ||||
| CVE-2024-25139 | 2 Tp-link, Tp Link | 3 Omada Er605, Omada Er605 Firmware, Omada Er605 | 2025-09-18 | 10.0 Critical |
| In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. | ||||
| CVE-2024-26936 | 1 Linux | 2 Linux, Linux Kernel | 2025-09-18 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used in smb2_allocate_rsp_buf(). This patch add simple buffer size validation to avoid potencial out-of-bounds in request buffer. | ||||
| CVE-2025-57569 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. | ||||
| CVE-2025-57570 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. | ||||
| CVE-2025-57571 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. | ||||
| CVE-2025-57572 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. | ||||
| CVE-2025-57573 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. | ||||
| CVE-2025-43370 | 1 Apple | 1 Xcode | 2025-09-17 | 4 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | ||||
| CVE-2025-43312 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-17 | 5.5 Medium |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination. | ||||
| CVE-2024-50282 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434) | ||||
| CVE-2024-26915 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well. | ||||
| CVE-2024-22905 | 1 Arm | 2 Mbed-os, Mbed Os | 2025-09-15 | 7.0 High |
| Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. | ||||
| CVE-2025-10385 | 1 Mercury | 1 Km08-708h Giga Wifi Wave2 | 2025-09-15 | 8.8 High |
| A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-46847 | 2 Redhat, Squid-cache | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2025-09-12 | 8.6 High |
| Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | ||||
| CVE-2023-42276 | 1 Hutool | 1 Hutool | 2025-09-12 | 9.8 Critical |
| hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | ||||
| CVE-2025-10170 | 1 Utt | 1 1200gw | 2025-09-12 | 8.8 High |
| A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||