Total
3799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28162 | 1 Libpng | 1 Libpng | 2026-02-06 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive | |||||
| CVE-2026-1162 | 1 Utt | 2 810, 810 Firmware | 2026-02-06 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2024-42642 | 1 Crucial | 6 Ct1000mx500ssd1, Ct2000mx500ssd1, Ct250mx500ssd1 and 3 more | 2026-02-05 | N/A | 6.7 MEDIUM |
| Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page. | |||||
| CVE-2026-1140 | 1 Utt | 2 520w, 520w Firmware | 2026-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1139 | 1 Utt | 2 520w, 520w Firmware | 2026-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1138 | 1 Utt | 2 520w, 520w Firmware | 2026-02-04 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1137 | 1 Utt | 2 520w, 520w Firmware | 2026-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-23236 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | N/A | 8.8 HIGH |
| Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | |||||
| CVE-2025-10666 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2026-02-03 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-54328 | 1 Aimonesoft | 1 Aimone Video Converter | 2026-02-02 | N/A | 6.5 MEDIUM |
| AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism. | |||||
| CVE-2025-59947 | 1 Emqx | 1 Nanomq | 2026-01-30 | N/A | 9.0 CRITICAL |
| NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription. | |||||
| CVE-2021-47814 | 1 Nsasoft | 1 Nbmonitor | 2026-01-29 | N/A | 7.5 HIGH |
| NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability. | |||||
| CVE-2026-1156 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1155 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2026-1157 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-1158 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-1143 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1328 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-1420 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-28 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2025-47334 | 1 Qualcomm | 292 Csra6620, Csra6620 Firmware, Csra6640 and 289 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. | |||||