Total
2304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37181 | 2026-02-12 | N/A | 9.8 CRITICAL | ||
| Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems. | |||||
| CVE-2020-37184 | 2026-02-12 | N/A | 9.8 CRITICAL | ||
| Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field. | |||||
| CVE-2020-37176 | 2026-02-12 | N/A | 9.8 CRITICAL | ||
| Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques. | |||||
| CVE-2020-37183 | 2026-02-12 | N/A | 9.8 CRITICAL | ||
| Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe. | |||||
| CVE-2020-37177 | 2026-02-12 | N/A | 7.5 HIGH | ||
| BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain. | |||||
| CVE-2020-37182 | 2026-02-12 | N/A | 7.5 HIGH | ||
| Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination. | |||||
| CVE-2020-37198 | 2026-02-12 | N/A | 7.5 HIGH | ||
| Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash. | |||||
| CVE-2025-48725 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-11 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later | |||||
| CVE-2025-15555 | 1 Open5gs | 1 Open5gs | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue. | |||||
| CVE-2025-29951 | 2026-02-10 | N/A | N/A | ||
| A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. | |||||
| CVE-2026-25502 | 1 Color | 1 Iccdev | 2026-02-10 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2026-1637 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2026-2191 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2192 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2187 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2186 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2185 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2180 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2181 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-67187 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-02-10 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length. | |||||