Total
13814 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3630 | 1 Deltaww | 1 Commgr2 | 2026-03-10 | 9.8 Critical |
| Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2026-3823 | 2 Atop Technologies, Blackbeartechhive | 6 Ehg2408, Ehg2408-2sfp, Atop Ehg2408 and 3 more | 2026-03-10 | 8.8 High |
| EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | ||||
| CVE-2026-21352 | 1 Adobe | 2 Dng Sdk, Dng Software Development Kit | 2026-03-10 | 7.8 High |
| DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-70241 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-09 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. | ||||
| CVE-2025-70240 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-09 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. | ||||
| CVE-2025-70239 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-09 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. | ||||
| CVE-2025-70237 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-09 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. | ||||
| CVE-2025-70234 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-09 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. | ||||
| CVE-2026-1678 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2026-03-09 | 9.4 Critical |
| dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled. | ||||
| CVE-2018-25198 | 1 Gaijin | 1 Etoolz | 2026-03-09 | 6.2 Medium |
| eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. | ||||
| CVE-2026-26736 | 1 Totolink | 2 A3002ru-v3, A3002ru Firmware | 2026-03-09 | 8.8 High |
| TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function. | ||||
| CVE-2025-47373 | 1 Qualcomm | 377 Ar8035, Ar8035 Firmware, Cologne and 374 more | 2026-03-09 | 7.8 High |
| Memory Corruption when accessing buffers with invalid length during TA invocation. | ||||
| CVE-2026-20434 | 1 Mediatek | 99 Lr12a, Lr13, Mt2735 and 96 more | 2026-03-06 | 7.5 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135. | ||||
| CVE-2026-28552 | 1 Huawei | 2 Emui, Harmonyos | 2026-03-06 | 6.5 Medium |
| Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-3382 | 1 Chaiscript | 1 Chaiscript | 2026-03-06 | 3.3 Low |
| A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-0037 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0035 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0032 | 1 Google | 1 Android | 2026-03-06 | 7.8 High |
| In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0030 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0010 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||