Total
2471 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6073 | 2025-07-03 | 7.5 High | ||
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer for username or password. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. | ||||
| CVE-2025-6072 | 2025-07-03 | 7.5 High | ||
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. | ||||
| CVE-2025-50260 | 2025-07-03 | 7.5 High | ||
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter. | ||||
| CVE-2025-24328 | 2025-07-03 | 4.2 Medium | ||
| Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service. | ||||
| CVE-2025-43025 | 2025-07-03 | N/A | ||
| HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.). | ||||
| CVE-2025-6302 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-07-02 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-24075 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-02 | 7.8 High |
| Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-53427 | 1 Jqlang | 1 Jq | 2025-07-01 | 8.1 High |
| decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | ||||
| CVE-2025-50528 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-01 | 7.3 High |
| A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. | ||||
| CVE-2025-6886 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-01 | 8.8 High |
| A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6887 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-01 | 8.8 High |
| A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0566 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-07-01 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52924 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2025-07-01 | 7.5 High |
| An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack | ||||
| CVE-2024-53621 | 2025-06-30 | 7.5 High | ||
| A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2025-6752 | 2025-06-30 | 8.8 High | ||
| A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6857 | 2025-06-30 | 3.3 Low | ||
| A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32303 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-30 | 8 High |
| Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-25580 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2025-06-30 | 6.2 Medium |
| An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | ||||
| CVE-2024-30166 | 1 Arm | 1 Mbed Tls | 2025-06-27 | 9.1 Critical |
| In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. | ||||
| CVE-2024-37600 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | 6.8 Medium |
| An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the Service Broker service. With prepared HTTP requests, an attacker can cause the Service-Broker service to fail. | ||||