Total
1866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5278 | 2025-10-22 | N/A | 4.4 MEDIUM | ||
| A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. | |||||
| CVE-2014-9163 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. | |||||
| CVE-2013-2597 | 1 Codeaurora | 1 Android-msm | 2025-10-22 | 7.2 HIGH | 8.4 HIGH |
| Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument. | |||||
| CVE-2009-0927 | 1 Adobe | 1 Acrobat Reader | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. | |||||
| CVE-2025-60751 | 2025-10-21 | N/A | 7.5 HIGH | ||
| GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode. | |||||
| CVE-2020-36855 | 2025-10-21 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component. | |||||
| CVE-2025-11678 | 2025-10-21 | N/A | N/A | ||
| Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum. | |||||
| CVE-2025-5555 | 2025-10-21 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early. | |||||
| CVE-2025-46405 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-10-21 | N/A | 7.5 HIGH |
| When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-47347 | 1 Qualcomm | 74 Qam8255p, Qam8255p Firmware, Qam8295p and 71 more | 2025-10-21 | N/A | 7.8 HIGH |
| Memory corruption while processing control commands in the virtual memory management interface. | |||||
| CVE-2025-46397 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-21 | N/A | 4.7 MEDIUM |
| In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. | |||||
| CVE-2025-8958 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2025-10-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-24052 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-20 | N/A | 7.8 HIGH |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | |||||
| CVE-2025-11586 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-10-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11549 | 1 Tenda | 2 W12, W12 Firmware | 2025-10-18 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46398 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-16 | N/A | 4.7 MEDIUM |
| In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. | |||||
| CVE-2025-24928 | 2 Netapp, Xmlsoft | 16 Active Iq Unified Manager, H300s, H300s Firmware and 13 more | 2025-10-16 | N/A | 7.8 HIGH |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | |||||
| CVE-2025-27151 | 1 Redis | 1 Redis | 2025-10-16 | N/A | 4.7 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | |||||
| CVE-2025-11012 | 1 Behaviortree | 1 Behaviortree | 2025-10-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue. | |||||
| CVE-2025-45587 | 1 Audi | 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware | 2025-10-16 | N/A | 7.0 HIGH |
| A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||