Vulnerabilities (CVE)

Filtered by CWE-121
Total 2851 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-63152 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63149 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63147 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-62858 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 6.5 MEDIUM
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
CVE-2025-62852 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 6.5 MEDIUM
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
CVE-2025-62691 2026-06-17 N/A 9.8 CRITICAL
Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.
CVE-2025-62580 1 Deltaww 1 Asda Soft 2026-06-17 N/A 7.8 HIGH
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-62579 1 Deltaww 1 Asda Soft 2026-06-17 N/A 7.8 HIGH
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-62507 1 Redis 1 Redis 2026-06-17 N/A 8.8 HIGH
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
CVE-2025-61856 1 Fujielectric 1 Monitouch V-sft 2026-06-17 N/A 7.8 HIGH
A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
CVE-2025-61577 1 Dlink 2 Dir-816, Dir-816 Firmware 2026-06-17 N/A 7.5 HIGH
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-61128 2026-06-17 N/A 9.1 CRITICAL
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
CVE-2025-60751 2026-06-17 N/A 7.5 HIGH
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
CVE-2025-60699 1 Totolink 2 A950rg, A950rg Firmware 2026-06-17 N/A 6.5 MEDIUM
A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fixed-size stack buffer (`v13`) using `strcpy()` without performing any length checks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface, potentially leading to arbitrary code execution.
CVE-2025-60663 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60662 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60661 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 5.3 MEDIUM
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60660 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60572 1 Dlink 2 Dir-600l, Dir-600l Firmware 2026-06-17 N/A 7.5 HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
CVE-2025-60571 1 Dlink 2 Dir-600l, Dir-600l Firmware 2026-06-17 N/A 7.5 HIGH
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.