Total: 3792 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9387 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
| In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-39134 | 1 Gdraheim | 1 Zziplib | 2025-07-10 | N/A | 7.5 HIGH |
| A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. | |||||
| CVE-2025-6393 | 1 Totolink | 8 A3002r, A3002r Firmware, A3002ru and 5 more | 2025-07-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-44952 | 1 Open5gs | 1 Open5gs | 2025-07-09 | N/A | 7.8 HIGH |
| A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101. | |||||
| CVE-2025-29625 | 1 Astrolog | 1 Astrolog | 2025-07-09 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function. | |||||
| CVE-2025-6825 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6881 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-07-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47248 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 6.3 MEDIUM |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | |||||
| CVE-2024-40084 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
| A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | |||||
| CVE-2024-33365 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-07-07 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. | |||||
| CVE-2025-6939 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6940 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-50258 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. | |||||
| CVE-2025-50262 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 7.5 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. | |||||
| CVE-2025-50263 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter. | |||||
| CVE-2025-6953 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2025-07-03 | N/A | 7.5 HIGH |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2025-07-03 | N/A | 7.5 HIGH |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-03 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | |||||
| CVE-2024-31670 | 1 Rizin | 1 Rizin | 2025-07-02 | N/A | 6.3 MEDIUM |
| rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. | |||||
