Total
1976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60690 | 1 Linksys | 2 E1200, E1200 Firmware | 2025-11-17 | N/A | 8.8 HIGH |
| A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. | |||||
| CVE-2025-63149 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63455 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-60674 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-11-17 | N/A | 6.8 MEDIUM |
| A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device. | |||||
| CVE-2025-63153 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63154 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2025-60679 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-11-17 | N/A | 8.8 HIGH |
| A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device. | |||||
| CVE-2025-11918 | 1 Rockwellautomation | 1 Arena | 2025-11-17 | N/A | 7.3 HIGH |
| Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file. | |||||
| CVE-2025-40843 | 1 Ericsson | 1 Codechecker | 2025-11-14 | N/A | 5.9 MEDIUM |
| CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1. | |||||
| CVE-2021-4464 | 2025-11-14 | N/A | N/A | ||
| FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. | |||||
| CVE-2025-7704 | 2025-11-14 | N/A | 5.4 MEDIUM | ||
| Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability | |||||
| CVE-2024-37003 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-54526 | 1 Fujielectric | 1 Monitouch V-sft | 2025-11-12 | N/A | 7.8 HIGH |
| Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2025-64096 | 1 Nasa | 1 Cryptolib | 2025-11-11 | N/A | 8.8 HIGH |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an attacker-controlled field (pdu_len), which may exceed the static array size (kblk[98]), leading to an out-of-bounds write and potential memory corruption. This vulnerability is fixed in 1.4.2. | |||||
| CVE-2025-63468 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63466 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63467 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63469 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63460 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||