Total
3573 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50402 | 1 Fastcom | 2 Fac1200r, Fac1200r Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. | |||||
| CVE-2025-50681 | 1 Pali | 1 Igmpproxy | 2026-01-02 | N/A | 7.5 HIGH |
| igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN . | |||||
| CVE-2025-15356 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15092 | 1 Utt | 2 512w, 512w Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15091 | 1 Utt | 2 512w, 512w Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15090 | 1 Utt | 2 512w, 512w Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2025-15089 | 1 Utt | 2 512w, 512w Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-50689 | 1 Cobiansoft | 1 Reflector | 2025-12-31 | N/A | 6.2 MEDIUM |
| Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration. | |||||
| CVE-2025-63679 | 1 Free5gc | 1 Free5gc | 2025-12-31 | N/A | 7.5 HIGH |
| free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes. | |||||
| CVE-2024-33453 | 1 Espressif | 1 Esp-idf | 2025-12-31 | N/A | 8.1 HIGH |
| Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component. | |||||
| CVE-2024-33454 | 1 Espressif | 1 Esp-idf | 2025-12-31 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. | |||||
| CVE-2025-15193 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2025-15189 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-14709 | 1 Sgwbox | 2 N3, N3 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshell_server of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-36377 | 1 Osslsigncode Project | 1 Osslsigncode | 2025-12-30 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. | |||||
| CVE-2025-47372 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8620p and 43 more | 2025-12-23 | N/A | 9.0 CRITICAL |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | |||||
| CVE-2025-65404 | 1 Live555 | 1 Streaming Media | 2025-12-23 | N/A | 6.5 MEDIUM |
| A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream. | |||||
| CVE-2025-14015 | 1 H3c | 2 Magic B0, Magic B0 Firmware | 2025-12-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-50401 | 1 Mercurycom | 2 D196g, D196g Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. | |||||
| CVE-2025-50398 | 1 Mercurycom | 2 D196g, D196g Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password. | |||||