Vulnerabilities (CVE)

Filtered by CWE-119
Total 13631 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-3538 1 Dlink 2 Di-8100, Di-8100 Firmware 2026-06-17 8.3 HIGH 8.8 HIGH
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.
CVE-2025-3409 1 Nothings 1 Stb Image.h 2026-06-17 7.5 HIGH 6.3 MEDIUM
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3407 1 Nothings 1 Stb Image.h 2026-06-17 7.5 HIGH 6.3 MEDIUM
A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3406 1 Nothings 1 Stb Image.h 2026-06-17 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3380 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3379 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3378 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3377 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component ENC Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3376 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component CONF Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3375 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component CDUP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3374 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3373 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3372 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3371 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3349 1 Pcman 1 Ftp Server 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3346 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3328 1 Tenda 2 Ac1206, Ac1206 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3266 1 Qinguoyi 1 Tinywebserver 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3259 1 Tenda 2 Rx3, Rx3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3203 1 Tenda 2 W18e, W18e Firmware 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.