Total
2849 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54401 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` request parameter. | |||||
| CVE-2025-54400 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `counts` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. | |||||
| CVE-2025-54399 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. | |||||
| CVE-2025-54328 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages. | |||||
| CVE-2025-54274 | 1 Adobe | 1 Substance 3d Viewer | 2026-06-17 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54099 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.0 HIGH |
| Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53843 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 7.5 HIGH |
| A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets | |||||
| CVE-2025-53597 | 1 Qnap | 1 License Center | 2026-06-17 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later | |||||
| CVE-2025-53593 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | |||||
| CVE-2025-53521 | 1 F5 | 1 Big-ip Access Policy Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-53418 | 2026-06-17 | N/A | 8.6 HIGH | ||
| Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability. | |||||
| CVE-2025-53176 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 3.3 LOW |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53175 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53174 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53173 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.3 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53172 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53171 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53022 | 2026-06-17 | N/A | 8.6 HIGH | ||
| TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value (TLV) structure for dependent components against the maximum allowed size. If the length specified in the TLV exceeds the size of the buffer allocated on the stack, the FWU module will overwrite the buffer (and potentially other stack data) with the TLV's value content. An attacker could exploit this by crafting a malicious TLV entry in the unprotected section of the MCUBoot upgrade image. By setting the length field to exceed the expected structure size, the attacker can manipulate the stack memory of the system during the upgrade process. | |||||
| CVE-2025-53009 | 1 Linuxfoundation | 1 Materialx | 2026-06-17 | N/A | 7.5 HIGH |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3. | |||||
| CVE-2025-52999 | 2026-06-17 | N/A | N/A | ||
| jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources. | |||||
