Vulnerabilities (CVE)

Filtered by CWE-119
Total 13645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-13566 2026-06-17 1.7 LOW 3.3 LOW
A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.
CVE-2025-13553 1 Dlink 2 Dwr-m920, Dwr-m920 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-13552 1 Dlink 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVE-2025-13551 1 Dlink 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-13550 1 Dlink 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-13549 1 Dlink 2 Dir-822k, Dir-822k Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-13548 1 Dlink 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-13547 1 Dlink 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more 2026-06-17 9.0 HIGH 8.8 HIGH
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-13446 1 Tenda 2 Ac21, Ac21 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-13445 1 Tenda 2 Ac21, Ac21 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-13400 1 Tenda 2 Ch22, Ch22 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-13305 1 Dlink 10 Dir-825m, Dir-825m Firmware, Dwr-m920 and 7 more 2026-06-17 9.0 HIGH 8.8 HIGH
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-13304 1 Dlink 10 Dir-825m, Dir-825m Firmware, Dwr-m920 and 7 more 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
CVE-2025-13288 1 Tenda 2 Ch22, Ch22 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-13258 1 Tenda 2 Ac20, Ac20 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2025-13191 1 Dlink 2 Dir-816l, Dir-816l Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13190 1 Dlink 2 Dir-816l, Dir-816l Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13189 1 Dlink 2 Dir-816l, Dir-816l Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13188 1 Dlink 2 Dir-816l, Dir-816l Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13120 1 Mruby 1 Mruby 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.