Total
13622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5052 | 1 Freefloat | 1 Freefloat Ftp Server | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5051 | 1 Freefloat | 1 Freefloat Ftp Server | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5050 | 1 Freefloat | 1 Freefloat Ftp Server | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown processing of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5049 | 1 Freefloat | 1 Freefloat Ftp Server | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-58750 | 1 Rathena | 1 Rathena | 2026-06-17 | N/A | 8.2 HIGH |
| rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using input from the user. The problem has been fixed in commit 0cc348b. | |||||
| CVE-2025-58409 | 1 Imaginationtech | 1 Ddk | 2026-06-17 | N/A | 3.5 LOW |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory. | |||||
| CVE-2025-55286 | 2026-06-17 | N/A | N/A | ||
| z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing (SSAA) method. Under certain circumstances where the path being drawn existed in whole or partly outside of the rendering surface, incorrect bounding could cause out-of-bounds access within the coverage buffer. This affects the higher-level drawing operations, such as Context.fill, Context.stroke, painter.fill, and painter.stroke, when either the .default or .multisample_4x anti-aliasing modes were used. .supersample_4x was not affected, nor was drawing without anti-aliasing. In non-safe optimization modes (consumers compiling with ReleaseFast or ReleaseSmall), this could potentially lead to invalid memory accesses or corruption. z2d v0.7.1 fixes this issue, and it's recommended to upgrade to v0.7.1, or, given the small period of time v0.7.0 has been released, use v0.7.1 immediately, skipping v0.7.0. | |||||
| CVE-2025-55159 | 2026-06-17 | N/A | N/A | ||
| slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length. | |||||
| CVE-2025-55089 | 1 Eclipse | 1 Threadx Filex | 2026-06-17 | N/A | 9.8 CRITICAL |
| In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets | |||||
| CVE-2025-53965 | 1 Samsung | 36 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 33 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error. | |||||
| CVE-2025-53715 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53714 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53713 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53712 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53711 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53619 | 1 Malaterre | 1 Grassroots Dicom | 2026-06-17 | N/A | 7.4 HIGH |
| An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data | |||||
| CVE-2025-53618 | 1 Malaterre | 1 Grassroots Dicom | 2026-06-17 | N/A | 7.4 HIGH |
| An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data | |||||
| CVE-2025-52582 | 1 Malaterre | 1 Grassroots Dicom | 2026-06-17 | N/A | 7.4 HIGH |
| An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-52566 | 1 Ggml | 1 Llama.cpp | 2026-06-17 | N/A | 8.6 HIGH |
| llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721. | |||||
| CVE-2025-52264 | 2026-06-17 | N/A | 8.0 HIGH | ||
| StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a stack overflow via the cgiMain function at download.cgi. | |||||
