Total
12710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43343 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-09-17 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43287 | 1 Apple | 1 Macos | 2025-09-17 | N/A | 7.1 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory. | |||||
| CVE-2025-43272 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-09-17 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-8159 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-09-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8837 | 1 Jasper Project | 1 Jasper | 2025-09-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-8746 | 1 Gnu | 1 Libopts | 2025-09-16 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-10392 | 2025-09-15 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-10385 | 2025-09-15 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8846 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8842 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8843 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8845 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9394 | 1 Podofo Project | 1 Podofo | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue. | |||||
| CVE-2025-9389 | 1 Vim | 1 Vim | 2025-09-12 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on". | |||||
| CVE-2025-9136 | 1 Libretro | 1 Retroarch | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-9300 | 1 Libsixel Project | 1 Libsixel | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue. | |||||
| CVE-2025-9175 | 1 Neurobin | 1 Shc | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2025-9001 | 1 Lemonos | 1 Lemonos | 2025-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9019 | 1 Broadcom | 1 Tcpreplay | 2025-09-11 | 2.6 LOW | 3.1 LOW |
| A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | |||||
| CVE-2025-10170 | 2025-09-11 | 9.0 HIGH | 8.8 HIGH | ||
| A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||