Total
3990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7749 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2020-37130 | 1 Nsasoft | 1 Nsauditor | 2026-05-01 | N/A | 7.5 HIGH |
| Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field. | |||||
| CVE-2021-47815 | 1 Nsasoft | 1 Nsauditor | 2026-05-01 | N/A | 7.5 HIGH |
| Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash. | |||||
| CVE-2026-5404 | 1 Wireshark | 1 Wireshark | 2026-05-01 | N/A | 4.7 MEDIUM |
| K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||||
| CVE-2026-7321 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-01 | N/A | 9.6 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1. | |||||
| CVE-2026-7503 | 2026-05-01 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7512 | 2026-05-01 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-7513 | 2026-05-01 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25299 | 2026-04-30 | N/A | 8.4 HIGH | ||
| Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands. | |||||
| CVE-2018-25305 | 2026-04-30 | N/A | 6.2 MEDIUM | ||
| librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor. | |||||
| CVE-2018-25301 | 2026-04-30 | N/A | 8.4 HIGH | ||
| Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe. | |||||
| CVE-2018-25307 | 2026-04-30 | N/A | 8.4 HIGH | ||
| SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges. | |||||
| CVE-2018-25313 | 2026-04-30 | N/A | 6.2 MEDIUM | ||
| SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application. | |||||
| CVE-2026-5979 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5980 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5981 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5982 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5983 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5984 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-7420 | 2026-04-30 | 9.0 HIGH | 8.8 HIGH | ||
| A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||