Total
3795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37050 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 6.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||
| CVE-2024-37044 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||
| CVE-2024-37041 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||
| CVE-2025-30265 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-22 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | |||||
| CVE-2025-54632 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | N/A | 6.8 MEDIUM |
| Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2023-47430 | 1 Readymedia Project | 1 Readymedia | 2025-09-19 | N/A | 7.5 HIGH |
| Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c. | |||||
| CVE-2024-25139 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-09-18 | N/A | 10.0 CRITICAL |
| In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. | |||||
| CVE-2024-26936 | 1 Linux | 1 Linux Kernel | 2025-09-18 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used in smb2_allocate_rsp_buf(). This patch add simple buffer size validation to avoid potencial out-of-bounds in request buffer. | |||||
| CVE-2025-57569 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | N/A | 5.6 MEDIUM |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. | |||||
| CVE-2025-57570 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | N/A | 5.6 MEDIUM |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. | |||||
| CVE-2025-57571 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | N/A | 5.6 MEDIUM |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. | |||||
| CVE-2025-57572 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | N/A | 5.6 MEDIUM |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. | |||||
| CVE-2025-57573 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | N/A | 5.6 MEDIUM |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. | |||||
| CVE-2024-22905 | 1 Arm | 1 Mbed Os | 2025-09-15 | N/A | 7.0 HIGH |
| Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. | |||||
| CVE-2023-42276 | 1 Hutool | 1 Hutool | 2025-09-12 | N/A | 9.8 CRITICAL |
| hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | |||||
| CVE-2025-53888 | 1 Riot-os | 1 Riot | 2025-09-11 | N/A | 9.8 CRITICAL |
| RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that utilize the lack of proper input checks. In the `l2filter_add()` function shown below, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there would be no size check for `addr_len`. As a consequence, if an attacker were to provide an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN`, they can trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution. Commit f6f7de4ccc107c018630e4c15500825caf02e1c2 contains a patch for the vulnerability. | |||||
| CVE-2025-8177 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-10120 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-09-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. | |||||
| CVE-2025-5828 | 1 Autel | 18 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware, Maxicharger Ac Pro and 15 more | 2025-09-10 | N/A | 6.8 MEDIUM |
| Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26328. | |||||